Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to figure out if a data breach is a hoax

Jeremy Kirk | Oct. 30, 2014
The notoriety that comes with taking credit for a data breach is alluring. Declaring a successful data breach can suddenly bring a lot of attention, which is why posting bogus data is attractive.

Nixon said she came up with an idea for another test that might indicate a breach is real.

One leak she analyzed consisted of credit card data. She thought the data was fake because it was potentially valuable in the underground. It didn't make sense for someone to freely publish the data if it had value.

To test it, Nixon compared first names of people in the breach with a list of the most common names based on their birth year. The distribution of names indicated the breach might be legitimate.

"It would be interesting to see further research in that area," Nixon said.

However, further investigation showed the credit card data was old, as the expiration dates of the cards had mostly passed, Nixon said. The data had merely been recycled and didn't really come from its purported source.

"There was no new breach," she said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.