
Every second, somewhere in the world, we hear news of hackers stealing data from individuals and companies of all sizes.
Stolen data can include, but is not limited to: names, passwords, credit card numbers, and health records. Attackers leverage increasingly sophisticated techniques to enhance their chances of success. It could be a phishing email or malicious software you download—that’s where it all begins.
Let’s assume a breach has occurred. Hackers have your data or that of your organisation. Have you thought about the potential use cases of the stolen data?
Data is often referred to as the “new oil”, making it crucial to recognize the consequences of a breach and the need to safeguard it diligently.
How Hackers Use Stolen Data
Mr. Charles Yao Koge, a cybersecurity analyst at e-Crime Bureau, believes motive plays a key part in how stolen data is used after a breach.
“The motive behind the act will give an idea of what data they want and what they are going to use it for,” says Koge in an online interview. It could be an attacker aiming for financial gain, a hacktivist aiming to expose corrupt actions, or a curious hacker trying new methodologies.
These motives could extend beyond data harvesting to identity theft, account takeovers, the orchestration of phishing, or, in the worst case, the sale or publication of the data on the dark web.
Potential use cases of stolen data
1. Identity Theft and Fraud
Cybercriminals use stolen personal information to impersonate victims and commit financial fraud or other illicit activities. They can open bank accounts, apply for loans, obtain credit cards, or even file fraudulent tax returns in the victim’s name.
More importantly, they can impersonate a trusted authority to gain the trust of the masses. “Hackers harvest the data of prominent people to gain access to their social media accounts to misuse it,” Mr. Koge added.
A real-world example is the recent incident involving the Ghanaian President, where hackers gained access to his social media account to promote crypto scams. They probably obtained his credentials through a phishing campaign, the initial stage at which the attackers got hold of his identity.
Identity theft could also lead to SIM swapping. When an attacker has enough information about you, they can use it as evidence to perform certain actions on your behalf, in this context, swapping numbers.
2. Selling Data on the Dark Web
Hackers frequently monetize stolen data by selling it on dark web marketplaces that operate beyond the reach of law enforcement. Data such as social security numbers, credit card details, login credentials, and passport information are sold for varying prices.
“The dark web consists of both the bad guys and the good guys. There is a marketplace on the dark web where vital information is being sold. Investigative journalists and others go to the dark web to buy information.” Buyers then use this information for further crimes, including fraud, blackmail, or targeted cyberattacks.
Sometimes hackers, of their own will, expose stolen data for zero profit. That can cause serious damage to an organisation’s reputation and trust. Publicly exposed data makes room for everyone to hop on. A real-life incident involved LinkedIn in 2021, where millions of data records were breached.
3. Business Espionage
Corporate data, including trade secrets, proprietary technologies, and internal communications, is highly valuable to competitors and nation-states. Hackers target sensitive business information to gain insights into research and development projects, financial strategies, or future business plans.
Such theft allows rival companies or governments to gain unfair advantages, save research costs, and strategically outmaneuver legitimate firms. Business espionage operations are often highly sophisticated, involving spear-phishing, malware, insider threats, and supply chain compromises.
Successful attacks can cripple a company’s operations, erode shareholder value, result in the loss of competitive edge, and cause irreversible reputational harm.
A significant real-world example was in 2017 when Uber stole trade secrets from its competitor Waymo.
4. Phishing and Social Engineering
Stolen personal details enable hackers to craft highly convincing phishing messages targeting individuals and organizations. Cybercriminals use this information to manipulate victims into revealing further confidential data or performing an action that could benefit the attacker.
Social engineering attacks, when personalized, significantly increase the success rate of subsequent cyber crimes. It’s no surprise that social engineering has been the reason for more than 98% of attacks.
What makes it effective is the personalization it comes with. You can never doubt your mom’s voice, you are likely to trust someone who spills out certain facts about you, and the possibility of you clicking a link from a trusted source is high.
Spear phishing is a common attack facing organisations. A hacker can impersonate a Chief Technology Officer (CTO) or Chief Information Security Officer (CISO) in your organisation to gain your trust. How many of us could verify before acting?
Protection and Prevention
Best practices for individuals:
- Use strong, unique passwords for every account, combining letters, numbers, and special characters. When setting passwords, it’s best to use a passphrase, e.g. I-@m-a-b0y
- Enable two-factor authentication (2FA) on all critical accounts to provide an extra layer of protection.
- Regularly monitor bank statements, credit reports, and online account activity for signs of unauthorized access.
- Be cautious with unsolicited emails, links, and attachments, even if they appear to come from trusted sources.
- Keep your devices and software up-to-date with the latest security patches and antivirus protections.
- Consider using password managers to securely store and manage your passwords.
- Limit the amount of personal information shared online, especially on social media platforms.
- Follow cybersecurity news outlets for trends and tactics attackers are utilizing.
Best practices for organizations:
- Conduct regular cybersecurity awareness training for employees to help them recognize phishing and social engineering attempts.
- Implement security controls like firewalls on your network to filter incoming traffic.
- Conduct regular vulnerability assessments and penetration tests to identify and fix security weaknesses.
- Implement multi-factor authentication (MFA) across all internal systems and critical business applications.
- Monitor network traffic and user activity continuously to detect unusual or unauthorized behaviour.
Bonus: Mr. Koge urges us to pay attention to details, double-verify before acting, and beware of misinformation and deepfakes.