Ever wanted to know how much you’re really worth? Well there could be a (twisted) way to find out. A new security breach has given hackers access to hundreds of Microsoft email accounts. And they’re selling them online for prices between $100 and $1,500.
The breach targeted ‘c-suite level email addresses’ meaning CEO’s, CFO’s and company directors are at risk. On Friday, ZDNet found passwords belonging to many US and UK tech, retail and consulting company directors being sold.
The hacker(s) are advertising the sale on ‘Exploit.in’ – a sort of secret marketplace for Russian-speaking hackers. ZDNet worked with a cybersecurity expert to gain access to the data, and verified it as a real leak.
The danger posed by this leak is more than the usual password leaks. For example, by accessing a C-suite address scammers could order a company’s accounts department to make large payments.
Imagine this: you’re working for a large multi million pound company. It’s Monday morning. You have a full inbox. You get an email from your boss asking you to wire £10,000 to a ‘consultant’. For a large company, it’s a completely normal request. You approve the payment. Hours later you get a call asking why you sent £10,000 to a stranger.
Another tactic used in these kinds of hacks is to gain sensitive company or personal data. The hackers then blackmail people, bleeding them dry over time.
So this kind of hack makes companies vulnerable to large scale theft. And if your boss isn’t understanding, it could put your job at risk!
The cybersecurity expert who discovered the Microsoft data for sale is notifying all the companies that have been compromised. So in the mean time, keep an eye out for any weird requests from your boss!