FTC finds data breach info exploited in under 9 minutes.
FTC finds data breach info exploited in under 9 minutes.

In an effort to see what happens after a data breach, the Federal Trade Commission leaked a database of 100 fake customers and found it only took 9 minutes for crooks to attempt to access the information.

The FTC's Office of Technology made the information realistic by using popular names based on Census data, addresses from across the country, email addresses that used common email address naming conventions, phone numbers that corresponded to the addresses, and one of three types of payment information (an online payment service, a bitcoin wallet or a credit card), according to a May 24 blog post.

Researchers then twice posted the information to a popular hacker forum where stolen credentials are shared, within 9 minutes of the second post, hackers were attempting to use the stolen data to pay for all sorts of things, including clothing, games, online dating memberships and pizza.

More than 1,200 attempts were made to exploit the stolen information.