Nixon said she came up with an idea for another test that might indicate a breach is real.
One leak she analyzed consisted of credit card data. She thought the data was fake because it was potentially valuable in the underground. It didn't make sense for someone to freely publish the data if it had value.
To test it, Nixon compared first names of people in the breach with a list of the most common names based on their birth year. The distribution of names indicated the breach might be legitimate.
"It would be interesting to see further research in that area," Nixon said.
However, further investigation showed the credit card data was old, as the expiration dates of the cards had mostly passed, Nixon said. The data had merely been recycled and didn't really come from its purported source.
"There was no new breach," she said.
Sign up for CIO Asia eNewsletters.