The Lifespan of a Data Breach & the Attack Lifecycle

How a Data Breach gets passed around

I’ve been giving talks on credential stuffing and data breaches for a few years now and talking about the attack lifecycle and the ecosystems that support these attacks is one of my favorite things. It’s fascinating how much of a community and business has been built up around data breaches and credential spills and talking about it in public never fails to get met with disbelief, surprise, and skepticism.

Tiers of Attacker Sophistication

In my last session I talked more about the tiers of attackers than I usually do which helps to tell a better story from the day of a breach to the downstream damage to, eventually, the records ending up on a site like haveibeenpwned.

The tiers of sophistication for attackers

Credential Spills gradually lose value

It takes an average of 15 MONTHS for a company to report a breach

I write about JavaScript, Reverse Engineering, Security, and Credential Stuffing. Also a speaker, O'Reilly Author, creator of Plato, Director at Shape Security.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store