A hacker is selling Microsoft C-Suite email credentials. Hundreds of C-level executive’s email accounts are being sold. All these accounts are being sold in the range of $100 to $1500, which depends on the company size and the role of the user.
Hundreds of C-Suite Accounts Credentials are Being Sold by Hacker
A threat actor is selling the credentials for Office 365 and Microsoft accounts for Russian hackers named Exploit.in. All these email accounts belong to high-level executives like CEO, CFO, COO, CMP, CTO, Vice President, President, and Director.
A source in the cyber-security center said they had contacted the seller to get the samples, and they have confirmed the valid data and received a valid ID and passwords for two accounts. One of the accounts is of the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain. Other credentials were of the president of US apparel maker and the official at UK based consultancy.
The seller did not tell from where he obtained the account credentials. But he confirmed that he has so many other account details to sell.
KELA, a threat intelligence firm, provided the data and said the same hacker had earlier bought “Azor log.” It refers to data collected from computers that are infected with AzorUIt info-stealer malware.
KELA product manager, Raveed Laeb, said,
“Compromised corporate email credentials can be valuable for cybercriminals, as they can be monetized in many different ways”.
The publication contacted the intelligence community and saw there are hundreds of officials’ credentials that are put up for sale. They have also contacted those identified executives regarding the hack.
Even if you are not affected by this hack, it is always good to secure your email accounts. The best way to block hackers from stealing any type of credentials is to use two-factor authentication (2FA), or you can use two-step verification (2SV) for online accounts. If you use this authentication, the hacker will not be able to get your credentials.