The hackers who launched a massive phishing attack against thousands of organizations around the world accidentally forgot to protect their prey. As a result, all the stolen data was leaked to the Google search engine. Reports from the ringing computer.
Cybersecurity experts at Check Point and Otorio discovered that the attackers had been stealing the logins and passwords of Microsoft Office 365 corporate users for more than half a year, redirecting victims to a fake login page. They managed to obtain the data of more than a thousand accounts, but the hackers accidentally placed all the stolen information in a publicly available file. The Google search engine indexed this file and the data was in the public domain. This means that if a person enters the email address of a hacked account, they can find the stolen password in a search engine.
According to the researchers who were able to analyze about half of the leaked records, construction and energy companies were the victims of cybercriminals most frequently (their share was 16.7 and 10.7 percent, respectively). The third place was occupied by IT companies with a share of six percent.
Formerly Natalie Silvanovich, Security Researcher at Google Project Zero discovered a dangerous vulnerability in several popular messengers at the same time. The hackers used the security holes in Signal, Google Duo, Facebook Messenger, JioChat, and Mocha to spy on users.
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.
