Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy Security

A Hacker is Selling Access To the Email Accounts of Hundreds of C-Level Executives (zdnet.com) 40

A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. From a report: The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week. The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions such as: CEO, COO, CFO, CMO, CTO, President, VP, Exec Assistant, Finance Manager, Accountant, and Director. Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user's role.
This discussion has been archived. No new comments can be posted.

A Hacker is Selling Access To the Email Accounts of Hundreds of C-Level Executives

Comments Filter:
  • by BAReFO0t ( 6240524 ) on Saturday November 28, 2020 @05:10AM (#60772408)

    It's not like you can sue him.

    And you can only buy the cat in the bag before you know.

    Also, of your business even has C-level executives, you're officially too big to not be mostly bullshit jobs, IMHO. ;)

  • by Mr. Dollar Ton ( 5495648 ) on Saturday November 28, 2020 @05:41AM (#60772466)

    who tells me 15 times a day he recorded a video of me watching a porn movie and will send it to EVERYONE side by side unless I pay him that much in shitcoins.

  • by Canberra1 ( 3475749 ) on Saturday November 28, 2020 @06:43AM (#60772576)
    These C-levels had it coming. Their mantra was MS or the other would do a better job of security than their lazy say no IT section. It now seems the cloud is wet, and precipitation of embarrassing company stuff - a certainty. It remains to be seen if their passwords were in violation of corporate policy. It remains to be seen if those using 2FA were similarly lousy. A shemozzle or Cloudtastrophie.
    • It's a mess and I wish I could block the MS network because of all the phishing emails that come through there. Can't block them or the other big networks who are just passing the crap along. It's not their fault it's well their customers fault....

    • by Anonymous Coward
      Many of the companies that kept an in-house IT system wound up with a bunch of encrypted servers, no backups, and a ransomware bill. Pick your poison.
    • MS can do a better job - you can enable access restrictions, 2FA, etc.

      The problem is that the executives in question were either too dumb to use that or have insisted that it is disabled for sake of their convenience.

    • by EvilSS ( 557649 )
      M365 is like any other email platform, cloud or on-prem, it's as secure as you configure it to be. By default it requires strong passwords but if you are, like most companies, connected to on-prem AD then it inherits your password policies for users coming over via federation or AD Sync. Ditto for MFA. You have to turn it on for your users, and your admin chooses the MFA methods, some of which I personally find insecure (SMS, office phone) and password reset features (one option is user questions, which are
  • I don't care about anyone below A-

  • Come on, it's 2020. In 2010, maybe 2015 I would believe this, but in 2020 to have any important business account without 2FA is very unlikely.

    • Comment removed based on user account deletion
    • 2FA doesn't make the accounts uncrackable. If the second factor is SMS (which doesn't even pretend to be secure) it's probably easier to intercept that than the password. You just need a leniently close physical proximity to the target. That's enough to prevent script kiddies from stealing Steam accounts, but these are high-value targets. Everyone up to and including state intelligence services would be interested in these.

  • I think that the crackers just did America a great favor.
    I suspect that the one thing that they will find in common is that the majority of these companies outsourced their code and admin esp. to India (closest ally to Russia and v.v..
  • A lot of us are hacker. We shouldn't be defaming our own name.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...