Joe Tidy, Cyber correspondent, BBC World Service
Data breaches are becoming so common that it can be exhausting to know how to react when one happens to you. It is easy to shrug it off, but there is a danger.
Being a victim of a data breach increases your chances of being targeted by criminals and scammers.
Sue told the BBC how scammers went after her. We found her details had been leaked online.
She was a victim of what is known as a Sim swap attack – where scammers trick a network operator into thinking they are the account holder to get a new Sim card for a mobile device.
They used it to take over almost all her online accounts through her phone. She said the experience was “horrible”.
“The scammers took over my Gmail account and then locked me out of my bank accounts because they failed security checks,” she said.
Sue also had a credit card opened in her name and the criminals bought more than £3,000 in vouchers.
It took several trips to the branches of her bank and mobile phone provider to get her accounts back.
And the thieves weren’t done.
“The criminals also did a sinister thing after breaking into my WhatsApp,” she said. “They sent messages to horse riding groups I’m in warning there were people on their way to stab the horses.”
We searched hacker databases using online tools like haveibeenpwned.com and Constella Intelligence to see if Sue’s details had been previously compromised.
Her phone number, email address, date of birth and physical address were all exposed in data breaches at gambling platform PaddyPower in 2010 and email validation tool Verifications.io in 2019. Other compilations of hacked records also included her details.
Hannah Baumgaertner, from cyber firm Silobreaker, said attackers likely used the personal data leaked in earlier breaches to conduct the Sim swap attack.
“As soon as they had access to Sue’s phone number they were able to intercept any security codes sent to verify her identity for her Gmail account,” she said.
Netflix hijacked
But scammers aren’t always targeting big payouts.
Fran from Brazil told the BBC she found a person had registered to her Netflix account – and increased her monthly subscription.
“I was charged $9.90 (£7.50) on my payment card, even though I hadn’t made this purchase,” she said.
“I immediately contacted my family to find out if anyone had added another profile to the account we share, but they all said no.”
Fran was a victim of a common scam where her Netflix account was hijacked by a freeloader.
It is not known exactly how they got into her account and the murky world of cybercrime means it is difficult to pinpoint if a single data breach led to someone being scammed.
But we found Fran’s email address had been exposed in at least four data breaches including hacks of Internet Archive (2024), Trello (2024), Descomplica (2021) and Wattpad (2020) according to the website haveibeenpwned.com.
The password she used for her Netflix account is not in publicly-known databases but might be in others.
“There’s a huge market for cracked Netflix, Disney and Spotify accounts,” said Alon Gal, co-founder of cyber security company Hudson Rock.
“It is a low-barrier entry point for cybercrime, turning one company’s data leak into widespread, ongoing abuse.”
Scammers often combine stolen private information with public information.
Leah, who did not want to give her real name, runs a small business using Facebook ads and was recently targeted in a long running scam apparently originating from Vietnam.
“I received a phishing email from ‘notifications@facebookmail.com’ saying that I was due a refund. I clicked on the link and entered my details on the fake Meta page and the scammers were able to take over my business account even though I had 2 factor authentication.
“They then posted child sexual abuse videos under my name which got me blocked. I was even barred from using Messenger to complain to Meta.”
In the three days it took Leah to get her business account back the scammers had run hundreds of pounds of ads paid for by her. She eventually got the money back.
Alberto Casares from Constella Intelligence searched hacker databases and found Leah’s email address and other details were taken in data breaches at Gravatar (2020) and this year’s Qantas (third-party breach).
“It looks like the attackers used a common technique of linking up Leah’s private stolen email address with her publicly listed business number to launch a targeted phishing attack against the email account.”
They could have done this themselves or used a data broker to pay for a range of potential targets, he said.
Mass data breaches
Mass data breaches are fuelling scams and secondary hacks around the world, with several high profile attacks coming in 2025 alone.
According to Proton Mail’s Data Breach Observatory, there have been 794 verified breaches from identifiable sources discovered so far in 2025 with more than 300 million individual records exposed.
“Criminals pay premium prices for stolen data because it consistently generates profit through fraud, extortion, and cyberattacks,” said Eamonn Maguire from the firm.
Aside from notifying customers and regulators about breaches, there are no hard and fast rules on what companies should do for victims.
Offering free credit monitoring, for example, was common.
Last year, Ticketmaster (which saw 500m people affected by a breach) offered this to some people.
But this year fewer firms are doing this. Marks and Spencer and Qantas, for example, have not offered these services to customers.
Co-op chose to give victims a £10 voucher – if they spent £40 in its shops.
Some try to seek compensation in the courts, with a growing trend of class action lawsuits – though these are notoriously hard to win because it is difficult to prove how individuals have been impacted.
But some have been successful.
T-Mobile has begun paying customers affected by a major data breach in 2021 which affected 76m customers.
The firm agreed to pay $350m – with payments reportedly ranging from $50 to $300.


