What happens when data is hacked? What hackers do with personal data

Have you ever wondered “Would it make a difference if someone hacked my account? I don’t have any secret stuff in there anyway…” Unfortunately, whether it’s your email inbox or a social media account, hackers can do all sorts of dangerous things with the personal data they steal. And the consequences could affect not just you, but your friends and family as well.
“Can a hacker use my data?” The answer is a definite yes – hacking attacks leading to data theft is a lucrative business model for cybercriminals. To you, it might be “just” a junk mail account or a forgotten Facebook profile, but even a seldom used email address can be of value to a spammer. And if the account is linked to a credit card number or identifying personal information, its value only increases.
Man with laptop raising hands to head in frustration
Data theft by hackers is no laughing matter
So, what do hackers do with stolen information?

by Alyssa Schmitt

1. A hijacked email account

A hacked email account can unlock a treasure trove of information for a cybercriminal. Once they know your email address and have access to your incoming mails, all they have to do is identify sites where you have a login – e.g. Amazon or other popular online stores – and start hitting “I forgot my password”. Then they can use the password reset links that are automatically sent to you to gain access to your account on those shopping sites, where you may have saved your credit card information.

If your primary email account is the one that’s hacked, they may find other information that sets the ball rolling for further fraudulent activities: bank and credit card statements, legal or business correspondence, rental or credit applications – the list goes on. It’s no wonder that hackers go to such great lengths to get their hands on our email passwords. Keep reading to find out other motivations for targeting your personal data.

2. Login data is a gateway to your financial information

If a hacker gains access to your username, email, or password through a data breach or other means, they can use this information to try to access all your online accounts. If they successfully get into your account on an e-commerce site, for example, it could cost you dearly, because most of us take advantage of the convenience saving our payment details on trusted sites. Cybercriminals love targeting such sites because of the many ways they can exploit the information they find there: to use your credit card to make purchases, to sign up for other services, or even to open new bank accounts or take out loans.

Once they gain access to any of your online accounts, hackers can also change the account password and username, leaving you locked out. This practice of account takeover can also be the first step in a larger identity theft scheme.
Good to know: Unique passwords can protect you
Sometimes hackers will steal the login credentials to an infrequently used online account that does not contain any financial information. "No problem," you may think, but there may be another risk: Many people use the same login credentials for multiple accounts. Hackers know this, and armed with the “key” of one password, they will try it out on as many of your accounts as possible. This is why security experts strongly advise that we not reuse passwords. There are a couple of tricks you can use to create a unique, strong password that you can actually remember. Find out more in our explainer: How secure is my password?

3. Hackers make money by selling your information

Selling hacked personal data can be a lucrative business model. Often hackers bundle your personal information with other stolen data and sell it en masse to other criminals on the dark web, who can then use it in their own shady schemes. Not only do these criminals earn their money at your expense, but as they collect more information about you, there are more ways they can abuse it.

4. Scammers use your data to tailor phishing attacks

Armed with the knowledge about you that they gain from your hacked information, scammers can craft personalized phishing messages designed to trick you into revealing a password or clicking a malicious link. They may reference your recent purchases and activities or mention specific interests and personal connections to make the communication appear authentic. They can also forge, or “spoof,” emails that appear to be from a legitimate source, such as your bank, your employer, or a specific government agency that they know you are in contact with.

Even if you are well aware of how to recognize a phishing email and extremely wary about clicking on links, once the attack is tailored specifically to your personal information it can be very difficult to spot. You could be tricked into sharing details such as financial information and logins or become a victim of a malware attack.
Bonus explainer: A phishing scam that targets you specifically based on your personal information is known as “spear phishing.” To learn more about protecting yourself from such attacks, see our explainer: What is spear phishing? Can you prevent it?

5. Stolen personal information can be the starting point for identity theft

When a hacker manages to obtain enough personal information about you – name, social security number, date of birth, address, account numbers, passwords, etc. – they may use it to impersonate you for fraudulent purposes. Whether to actively destroy your reputation or to use your identity as a “disguise” to commit crimes, identity thieves can do major damage.  This can go far beyond using your credit card for a shopping spree – they could buy illegal drugs, support terrorist activities, or consume or publish child pornography, all in your name.

Unfortunately, the cases of identity theft cases reported to the Federal Trade Commission (FTC) has skyrocketed in recent years. The number more than doubled from 2019 to 2020; and Javelin Strategy reported that more than 15 million Americans experienced identity theft in 2021.

6. An email hack isn't just about you – your contacts may also pay the price

Imagine you wake up one day and find out that your email account has been hacked. This may sound bad enough, but unfortunately it's not just about you. Hackers can use your compromised account to go after new victims. They may send scam emails to your friends, coworkers, or family – any of your contacts. And these emails will also be aimed at giving the hackers access to all of these people’s personal data, either by installing malware on their devices or tricking them into revealing information. In other words, a never-ending cycle of attacks that spreads from one person to another, all starting from your hacked account. That's why it’s important take action if you suspect your account has been hacked – and let your contacts know about it.
Pro tip: If you suspect your email address was compromised in a data breach, you can go to https://haveibeenpwned.com/ to perform a simple check. And for more information on how you can tell if your email has been hacked and actions to take, see our explainer: How do I know if my email was hacked? Warning signs and what to do

Name, email address, and password – that’s all it takes for a hacker to make your life miserable in all the ways described above. Now that we know why hackers steal data, this should motivate all of us to renew our commitment to using strong, unique passwords and protecting personal information against phishing and other scams.

And if you still don’t have a secure email account with mail.com, why not sign up for free here?

Images: 1&1/Ketut Subiyanto via Pexels

247 people found this article helpful.

Related articles

Unsubscribe email scam: How to protect yourself

What to do if you click on a phishing link

Are security questions secure? Not really – here’s why