Microsoft 365 executive logins sold on the dark web
The Microsoft 365 logins on top executives are being sold on the dark web, allowing hackers direct access to the emails and files of chief executives, directors and managers.
ZDnet is reporting that a forum for hackers has an offer to sell login details for Microsoft 365 / Office accounts for, so-called, C-level staff like:
- CEO – chief executive officer
- COO – chief operating officer
- CFO – chief financial officer or chief financial controller
- CMO – chief marketing officer
- CTOs – chief technology officer
- President
- Vice president
- Executive Assistant
- Finance Manager
- Accountant
- Director
- Finance Director
- Financial Controller
- Accounts Payables
Prices range from US$100 to $1,500 for the more senior and juicy pickings.
The logins have been verified as real so this doesn’t seem like a scam selling fake logins.
The victims include companies on both sides of the Atlantic, retailers, business management and software firms. The latter should know better than to have such lax security.
We’re begging you … please secure your Microsoft 365 account
Not a week goes by where we hear from someone who has been hacked, thinks they’ve been hacked or worried their accounts might be hacked in the future.
The solution is (fairly) simple – Two Factor Authentication.
Setup ‘2Fac’ for all your major accounts:
- Microsoft 365
- Social Media (Facebook, Twitter etc).
Microsoft 365 admins can enforce Two Factor Authentication on their staff and management accounts.
With Two Factor Authentication setup, it doesn’t matter as much if a hacker gets your login and password details. Without the vital time-limited extra code, they can’t get into your account.
The Myth about Two-Factor Authentication
Microsoft leads again! The most impersonated brand on the Internet
Longer passwords yes, but more complex password are better