Data theft occurs when any data that was not intended to be shared is obtained, normally in a malicious or illegal way. Data theft has increased in recent years largely because of the growing number of people and employees with access to data. Business databases, desktops, handheld devices, phones, flash drives and cameras can all be used by thieves to steal data.
Why fraudsters do it
Monetary gain is the main reason for thieves to steal data and is often used in coordination with fraud, account takeover, and many other malicious reasons. Additionally corporate spying, competition and data theft happen to give people, groups of businesses advantage over another. Data theft is a major problem for many businesses because of security, reputation and financial loss.
Examples of most popular data theft
Yahoo – 2013-2014
In 2016 Yahoo admitted that it was a victim of a state-sponsored hack and data theft a few years before. Over 1 billion users real names, emails and phone numbers were obtained by bad actors. Yahoo announced that passwords were obtained using an advanced bcrypt algorithm.
eBay – 2014
eBay had 145 million users data compromised in 2014 that exposed names, addresses, dates of birth and passwords. Hacker reportedly breached eBay’s network using passwords of three corporate employees. The hackers were inside of the eBay servers for 229 days.
Equifax – 2017
143 million consumers had most of their personal data, including social security numbers, stolen from the creditor Equifax. 209 thousand people had their credit card data exposed as well. The breach was discovered in July, but was likely started in May.
There are many more examples of major data theft that have resulted in consumer fraud and business loss for brands. Data theft is one of the most frequent types of digital fraud.
Why is the theft of credentials a problem for every other website?
It’s human nature to repeat credentials from site to site. If your credentials are stolen during data theft, they are then used to login on other sites like banks, social media, email, ecommerce, airlines and more. Brute force attacks with stolen credentials typically spike after a major data breach is publicly available. A certain percentage of brute force attacks are successful. From the data stolen on website A, account takeover happens on website B, C and D for the user. This leads to fraud and a customer service nightmare for the brands. Any website with a login should worry about bad bots testing stolen credentials around the clock.
