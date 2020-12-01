We can read on ZDNet that a hacker is currently conducting a major operation to resell combinations of emails and passwords from Office 365 accounts in a Russian-speaking forum. It targeted C-suite addresses which is the personal information of executives such as finance directors, marketing directors, business executives, etc. The newspaper reports that the price for such information is surprisingly low. The hacker sells this data for between $ 100 and $ 1,500.

Combinations of emails, passwords

Hundreds of email addresses and passwords are currently for sale in an underground Russian-language forum. A hacker managed to obtain the personal information of many top executives around the world. These combinations are available for sale on Exploit.in. The hacker also had open access to the credentials of an executive at a UK management consultancy and a president of a US apparel and accessories company to prove his offer was legitimate.

In the same category

The FBI accuses six Russian hackers of being behind MacronLeaks

ZDNet produced a real report to best describe this extensive process. The point of sale even worked with an anonymous source who infiltrated the hacking community to obtain samples of the proposed data. This person actually received valid credentials for two Microsoft accounts. In retail, the first account belonged to the CEO of a medium-sized US software company and the other to a CFO of a retail chain based in the European Union.

An infiltrated source notifies the affected companies

This anonymous source is doing valuable work right now: it warns all affected companies about the cyber attack they are carrying out. Microsoft is also aware of this matter. Gizmodo contacted a company spokesman to try to understand the actions taken.

It says: “We know what is going on and we will do what is necessary to help our customers. We encourage our customers to adopt good online computing habits, including using caution when clicking links to web pages. We recommend taking additional steps such as: B. the activation of the multi-factor authentication. “

Information sold in a Russian-language forum

Such information is extremely valuable and can open up various types of attacks to hackers. They can pose as a director and commit “presidential fraud” fraud, for example by demanding money from this or that company. Hackers can also manipulate victims by blackmailing them and asking for money.

Such data can also be used by hackers to access other internal company systems that require a 2FA email address. To protect yourself against such attacks, two-factor authentication is undoubtedly the best solution. Hackers would have a much harder time logging in if they did. Microsoft said that of all accounts hacked, only 11% had two-factor authentication enabled.