After the Breach: What Hackers Do With Your Company’s Stolen Data

The Internet of Things – or IoT – has made day to day life all the more convenient. This interconnectivity between any number of electronics ensures that it’s difficult to lose critical information and that a person can interact with any number of servers from any number of devices. Of course, these science fiction-esque advances mean that hackers have the opportunity to seize that same data much more easily than before.

Large-scale hacks have become more common over the past several years. 2016 saw a hack of hospitals worldwide, through which thousands of private health care files were compromised. 2018 saw Reddit hacked, as well. That compromised data is more than an username and password. A skilled hacker can use that same username and password to find your banking information, your social security number, and all sorts of private information you’d prefer to keep to yourself. If you’ve shared that information anywhere on the Internet, it’s at risk – and hackers have a myriad of plans for that data, once they get it in their hands.

Understanding a Hacker

To understand what a hacker intends to do with your data after it’s been stolen, a few myths about hackers need to be dispelled. Hackers are not malicious versions of Neo from the Matrix. Hacking comes through an organization or through operatives aligned with large and well-known companies. Think on the kind of data that Amazon and Google have collected in order to make each interactive experience all the more individual, not to mention the data collected by each company’s in-home artificial intelligence. Any person working within either company with malicious intent could make use of that information, and hacking organizations know that both serve as gold mines.

That said, device loss is more likely to result in a data breach than any individual hacker. If a company phone goes missing or a laptop is improperly recycled, then hackers can make use of the information stored in either in order to access a company’s files and, in turn, sell them to a willing buyer.

Hackers come in many forms beyond the pop-culture attributed anonymous mask. This means that you have to be all the more careful when it comes to protecting your private data.

Understanding Data

What comprises data, though? As has been mentioned, it’s more than just an username and password. Data includes any systems weaknesses in a company’s individualized Internet of Things or buyer information that can be manipulated in order to alter company sales records. Hackers look through individual systems in order to find accessible points through which homebrewed viruses can invade an IoT. Alternatively, they can access individual computers in a company in order to access company networking information and then flit around that network as they will.

Data, then, is both individualized information and company information. It is government information, banking information, educational records from universities, identification numbers, email addresses, physical addresses, telephone numbers, clinical information, and claims information – to name a few variations. More than that, though, it is the entire network of computers that exist within a company and the subsequent Internet of Things that operates around it.

How Hackers Access Data

In order to keep data from being compromised, it’s important to identify the methods through which hackers access a person’s data.

Wireless Internet

While not all hackers need access to the Internet in order to access a company’s Internet of Things, the Internet is one of the most reliable pathways to the IoT. Phones can connect to available WiFi hotspots automatically, especially if those hotspots are made public. When that connection is made, the hotspot in question registers a phone or computer’s IP address. A hacker who accesses that hotspot can then track the IP addresses that have been listed and use the information provided in order to access individual phones, computers, or other electronics that are WiFi accessible.

Direct Phishing

Hackers can also use a variety of methods to phish company or private information out of individuals. A phishing attempt can come through email, but some skilled hackers create false web pages that can request a person’s username and password and, in turn, give said hacker the basic information they need in order to find additional data on that individual. For example: if you try to log in to Twitter and provide a false webpage with your username and password, then the hacker who created that page has access to more than just your social media account. They also have access to whatever accounts you’ve connected to your Twitter and a better idea as to what usernames and passwords you’ve used for other online accounts.

Coded Force

Finally, it’s possible for hackers to use less delicate methods in order to access your data. Some can force their way into a company or private IoT through individually-created code. These codes can randomize usernames and passwords until the right ones are discovered, allowing the hacker in question to waltz right into a system of networks without ever getting in touch with the owner of the compromised system.

Uses for Individual Data

Once data’s been accessed, it can be used for a number of means. Credit card numbers, be they individual or company-based, can be used to purchase any number of things from various websites, be that pizza, clothing, home supplies, or more malicious materials. Phone numbers can be delivered to spam bots in order to facilitate easier, more direct scams. In compromising social security numbers, hackers can enable identity theft or the filing of fraudulent tax returns. Likewise, hackers can use compromised data to rent or buy properties, apply for jobs under false names, or to compromise individual credit.  And all of this information can be sold both individually as well as bundled on the “dark web” to other hackers or to individuals looking to use the data in various other fraudulent activities.  

The severity of data usage by hackers varies. Each variation of usage suggests that companies and individuals alike should go a step further in ensuring that their data remains private, else it be used by hackers of the world looking to make life easier for themselves.  Trusting ERI to destroy your data and recycle your end of life devices ensures one of the most common ways hackers receive data is guaranteed to be a non-issue for your company and your customers.