Why you should care about the Bitglass “where’s your data?” experiment

Calling it the “world’s first A/B test for stolen credit card numbers on the Dark Web,” the folks at Bitglass have published the results of their ‘Where’s your data?’ experiment.

Bitglass-headline-apr-13The Bitglass research team prepared real-looking personal ID info that they then posted on the dark web*. The fake personal data was bait (think tasty chum used in Jaws to lure the ravenous scavenger) for bad guys (scavengers). Bitglass had rigged the data so that they could track it.

Within 12 days of being posted, the fake data had been clicked on more than 1,000 times! Loads of bad guys from 22 countries had zeroed in on the ‘fresh’ data in less than 2 weeks!

By contrast, it is estimated that it takes 205 days before companies that have experienced a breach are able to ‘recognize and snuff out’ a data breach crisis.


Think about how much, much longer it takes to identify and stop an attack than it does for the data to zip around to bad guys all around the world. By the time a company finally gets everything under control again, the bad guys have had a lot of time to do what they like with the data.

Key takeaways:

  • While this experiment dealt with a simulation of a business or corporate data set, it applies to personal data also. When it comes to your online accounts and personal data, you just do not know who the bad guys are. Bad guys from 22 countries accessed the data within 2 weeks of it being available online.
  • Bad guys move fast. They are constantly working against the clock. They begin ‘monetizing’ stolen data immediately – before the victim is even able to take action to protect any compromised data.

That’s what we are all up against!

Using a password manager like Sticky Password will give you the best chance of protecting yourself against known and unknown threats. By using a password manager, you will have quick and easy access to strong, unique passwords for all of your accounts. If one of your accounts is compromised, you will have limited the breach to that one account.

Make sure you follow news about and from the online vendors you use. When you hear about a breach to one of these vendors, make sure you act just as quickly as the bad guys: follow the recommendations of the affected vendor and, of course, change your password right away!

Get a copy of the report.

* Dark-web-def