On a closed-access underground forum used by Russian hackers, a cybercriminal is selling passwords for email accounts belonging to hundreds of C-level execs in companies all over the world. The forum is named Exploit.in and was discovered just last week.
The hacker is selling email, and password combinations for Office 365 and Microsoft accounts that he says are owned by executives with high-level functions that include:
- Chief Executive Officer
- Chief Financial Officer/Controller
- Chief Operating Officer
- Chief Marketing Officer
- Chief Technology Officer
- Vice President
- Finance Manager
- Finance Director
- Financial Controller
- Account Payables
The prices for access to these accounts range from $100 to $1,500, depending on the role of the compromised exec and company size.
The hacker’s claims are valid
Someone in the cyber-security community agreed to contact the seller and get samples to confirm the data’s validity. He got valid credentials for two accounts, as promised by the hacker. One was for a CEO of a medium-sized US-based software company, and another for the CFO of an EU-based retail store chain.
The source is in the process of notifying the two companies and others for which the hacker published account passwords as proof that the data is valid and usable.
They included logins for an exec at a UK business management consulting agency and the president of a US apparel and accessories company.
Prevention has to be robust
Even though the hacker has refused to tell how he got the login credentials, he said he has hundreds more available for sale.
A firm in the threat intelligence business, KELA, the same hacker has previously shown interest in buying ‘Azor Logs,’ which refer to data collected from computers that have been compromised by the AzorUlt info-stealer trojan.
All people are encouraged to use two-step verification, two-factor authentication, and password managers for security.