Looking to explore and understand how quickly sensitive data can travel once its been stolen, Bitglass generated 1,568 fake names, social security numbers, credit card numbers, addresses and phone numbers which it anonymously shared on the Dark Web and tracked to determine just how and where the data was dispersed.
The Dark Web, as described by Bitglass, is a chunk of the internet not indexed by Google or other search engines and estimated to be 500 times larger than sites that are indexed. To access it, specific tools and applications are required, Bitglass said.
The data travelled quickly, hitting 22 countries and 5 continents in less than 2 weeks, where it was accessed over 1,000 times and downloaded from 47 unique locations. The most common locations the data was accessed were Nigeria, Russia and Brazil, and Bitglass said the data was acquired and shared by crime syndicates in both Nigeria and Russia as they sought to verify the validity of the sham info.
The study comes at a time when security breaches are becoming more common, such as the Premera Blue Cross breach that occurred earlier this year that resulted in the exposure of 11 million patients private medical data.
Bitglass said that in 2014, 738 data breaches were reported, which was a 27.5% increase from 2013. The average time it takes to discover a breach currently is 205 days, Bitglass said, and 53% of such breaches stem from malware or hacks. This year, so far, Bitglass said there have already been 174 breaches affecting nearly 100 million customer records.
“Bitglass’ mission is to protect corporate data outside of the firewall – anywhere it goes on the internet. This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early. Our Breach Discovery service helps organizations limit the damage from data breaches,” CEO Nat Kausik said in a press release.