A phishing campaign that targeted multiple industrial sectors in 2020 was messier than the average cybercrime operation. The perpetrators stole more than a thousand sets of credentials from corporate employees and then accidentally exposed that data on the public internet, according to a blog post from cybersecurity firm Check Point. The attackers made a “simple mistake in their attack chain,” the researchers said, by not securing the files once they were posted to sites set up to receive stolen data. The end result was an otherwise successful hacking operation that could have been undercut by sloppiness: A victim or an identity theft prevention system could have stumbled upon the breached data; or another set of crooks could have found the stolen credentials before the original attackers had a chance to sell or use them. “We found that once the users’ information was sent to the drop-zone servers, the data was […]
The post A phishing campaign’s collateral damage: Stolen passwords were publicly searchable appeared first on CyberScoop.
Continue reading A phishing campaign’s collateral damage: Stolen passwords were publicly searchable→