First, let’s look at what happens after a breach. The hacker will take the stolen data, use it for their own purposes, and then either sell it to others in online black markets or post it online for free for all to see. Once the data is sold, the buyer will use it for various nefarious ends.
What would they use it for?
When it comes to passwords, watch your online accounts, because the attacker might try your stolen password on other sites you use. They’ll check to see whether you used the same password on those sites, or they might even try it on the same site that was breached to see whether you’ve changed your password.
In addition, the stolen passwords can be added to a hacker’s rainbow table to aid them in their efforts to attack the password databases of other sites or network systems. For those who are unfamiliar with “rainbow tables,” TechTarget (http://whatis.techtarget.com/definition/rainbow-table) defines a rainbow table as “a listing of all possible plaintext permutations of encrypted passwords specific to a given hash algorithm.” In simpler terms, they are vast databases that serve as a digital key for cracking encrypted passwords.
For an email address, watch your inbox. You might get an increase in spam or be targeted with spear phishing. You will probably be hearing from relatives who need you to wire them money right away, or you might even meet a Nigerian Prince.
When information such as names, birth dates, Social Security or government ID numbers, and policy numbers is stolen from healthcare providers, criminals use it to buy equipment or drugs, which they later resell, or even to get procedures done. In addition, identity theft is a very lucrative business for the criminal.
Now you’re probably wondering what can be done: how can we protect ourselves?
One simple measure we can take to protect ourselves is to not reuse passwords at all. (I know it’s easier to remember passwords if you reuse them, but it’s really not a good practice.) When you receive an email from a service you use asking you to change your password, don’t ignore it; go to the site and change it. NEVER click the link in the email. If the bad guy has your password and gets into your account, they will use whatever information is in your account in their future attacks.
If you’re going to take anything away from this, it should be this: don’t use the same password on multiple sites, and never click a link in an email to reset your password; always go to the website and reset it there. That way, if there is a breach and your old password and email address are being passed around the black market, you won’t be a victim again, and you can go back to not worrying about those headlines about information being sold from past breaches.