Hacker sells Microsoft C-Suite email credentials for $100
According to a report from ZDNet, a threat actor is selling email and password combinations for Office 365 and Microsoft accounts in a Russian hacker underground called Exploit.in. These account credentials, according to the Threat Actor’s report, belong to various senior executives including CEOs, CFOs, COOs, CMPs, CTOs, President, Vice President and Director. They are sold at prices varying between $100 and $1,500 depending on the company and the role of the leader.
While one of the credentials belongs to the CEO of a mid-sized US-based software company, the other belongs to the CFO of an EU-based retail chain. Other credentials belong to the chairman of an American clothing manufacturer and an executive of a UK-based consulting firm.
The seller declined to tell the publication the source where he got these credentials from. However, he confirmed that he has hundreds of credentials to sell.
The publication contacted sources in the intelligence community and identified a number of executives whose credentials the hacker put up for sale. The publication also contacted the executives identified regarding the hack.
While this hack did not affect your work account, it is still advisable to secure your personal and work email accounts and social media profiles using two-factor authentication to avoid becoming the prey to such scams.