The Indicator from Planet Money

What’s supercharging data breaches?

October 7, 2025

Key Takeaways Copied to clipboard!

  • The business of cybercrime, particularly data breaches, is flourishing because bad actors are evolving faster than security measures, with AI significantly accelerating attacks and lowering the barrier to entry for non-technical criminals. 
  • Cybercriminals benefit from a 'franchising' model where successful attack methods and tools are shared and sold, leading to a collective, rapid learning curve that outpaces the often secretive learning processes of victim organizations. 
  • The frequency and cost of data breaches are increasing, leading experts to believe that relying solely on individuals to protect themselves against organized cybercrime syndicates is unrealistic, necessitating a robust, collaborative solution from governments, businesses, and academia. 

Segments

Exploring the Dark Web
Copied to clipboard!
(00:00:13)
  • Key Takeaway: Ransomware sites operate like blogs, posting victim notices with countdowns before releasing stolen data.
  • Summary: The dark web hosts illegal marketplaces, including ransomware sites that publicly threaten victims with data release if ransoms are unpaid. These sites display caches of stolen data from entities like high schools and cities. Various methods like malware, deep fakes, and corporate breaches are used to extract value from information in this flourishing market.
Data Breach Verification Service
Copied to clipboard!
(00:03:08)
  • Key Takeaway: Troy Hunt’s ‘Have I Been Pwned’ service indexes public information from breaches, allowing users to check if their email addresses have been compromised.
  • Summary: The service ‘Have I Been Pwned’ (pronounced ‘pwned,’ derived from a misspelling of ‘owned’) allows users globally to check if their data has appeared in breaches. Troy Hunt updates the site daily with new breach information, noting that 15 billion records are indexed, representing only a fraction of total breaches. Cyber criminals earned $140 million in eight months from selling stolen data products alone.
Password Reuse Risk
Copied to clipboard!
(00:05:32)
  • Key Takeaway: Cybercriminals collect numerous passwords from low-value breaches hoping one credential will match a high-value account due to password reuse.
  • Summary: Compromised credentials from seemingly irrelevant services, like MyFitnessPal, are valuable because criminals test them across multiple accounts. This strategy relies on the common practice of users reusing the same password for different online services. The collected passwords act as a metaphorical pile of keys to try against various accounts until one works.
Supercharging Breaches with AI
Copied to clipboard!
(00:06:12)
  • Key Takeaway: AI accelerates cyberattacks by making data collection easier and enabling high-quality, hyper-focused crimes like spearfishing at scale.
  • Summary: The cost of data breaches in the U.S. increased nearly 10% between 2023 and 2024 because bad actors adjust faster than security improvements. AI tools have accelerated 80% of ransomware attacks, and 16% of data breaches now involve AI, according to an IBM study. AI excels at spearfishing, a high-effort crime, by rapidly generating convincing impersonations of trusted contacts.
Criminal Collaboration vs. Corporate Secrecy
Copied to clipboard!
(00:07:33)
  • Key Takeaway: Criminals collectively learn and share knowledge rapidly, while corporations often withhold breach information due to negative publicity and legal concerns.
  • Summary: The franchising of cyber tools allows hackers to sell successful methods for a fee, creating a multiplying effect in the criminal world. Criminals benefit from sharing information due to ego and sales opportunities, leading to faster collective learning. Conversely, companies are often reluctant to share breach details, which hinders collective defense against evolving threats.
Future Outlook and Defense
Copied to clipboard!
(00:09:06)
  • Key Takeaway: Most cybersecurity experts predict the situation will worsen in the next decade, requiring systemic solutions beyond individual efforts.
  • Summary: Approximately 90% of experts surveyed anticipate the cybersecurity situation will be worse in 10 years, indicating the tide is rising against defenders. While individuals should update systems, use two-factor authentication, and avoid password repetition, experts argue this is insufficient against syndicates. A more robust solution requires collaboration among governments, businesses, and academics.