How long does it take hacked data to appear on the Dark Web?

The answer varies from one hacker to the next, but the short answer is 'not very long.'  The more precise answer, at least in the case of New Egg and British Airways, (both of whom were hacked recently) is, 'just over one week.'

According to a recent report published jointly by RiskIQ and Flashpoint, credit card information stolen from both companies is already available for sale. In fact, by the time you read these words, it may already be in use by other hackers who purchased the data on the Dark Web.

Group 6 behind the cyber-attack

The two companies identify "Group 6" as being the group behind the New Egg and British Airways attack. They highlighted the fact that the attack was extraordinarily selective. The group specifically targeted organizations guaranteed to have a high volume of both traffic and completed transactions.

The report features screenshots of an ad posted on the Dark Web advertising a dump of more than 500,000 credit card numbers and complete payment details being sold at prices ranging from $9 to $50 each.

In spite of this, British Airways continues to insist that there have been no verified instances of compromised card numbers from their system.  Unfortunately, BA's word on the matter is scant comfort and no protection whatsoever.

ESET advises

ESET UK cyber security expert Jake Moore offered this advice to BA users, and others who may have had their payment information compromised:

"If your data was included in this (or any) breach, and if you haven't already, you'll need to take action to protect yourself.  Call your bank or card issuer, cancel the card and request a new card.  No bank will ever mind being contacted for you being cautious."

Our perspective

Excellent advice all around.


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this report

Executive Report: 10 Hidden IT Risks That Might Threaten Your Business