Over the course of six months, cybersecurity researchers at Agari planted thousands of false credentials onto websites and forums popular for dumping stolen usernames and passwords. About half of of the accounts were accessed within 12 hours, 40% were accessed within six hours, and 20% were accessed within an hour.