According to ZDNet, a hacker is selling email and password account information targeting Microsoft Office 365 accounts. Because these are C-suite level executives, it means the potential victims are high-up executives such as CEO, CFO, and COO of companies. The hacker in question is now selling those credentials through an ad on Exploit.in. If you are unfamiliar with this location, it is a forum for Russian hackers. To show the credentials are legitimate, the attacker has posted login information for a UK business management consulting agency executive and those from the president of a U.S.-based apparel creator. Needless to say, these two credentials are probably not the most powerful on the list. An anonymous cybersecurity expert worked with ZDNet to contact the hacker and obtain some samples. Two Microsoft Accounts were given, one for a CEO and another for a CFO.
Microsoft Confirms
Gizmodo later received a message from Microsoft. The company said it knew of the reports and urges its customers to remain secure by avoiding links they don’t know the origin of. Furthermore, the company suggests multi-factor authentication to all account holders. “We are aware of the report and will do what is necessary to help support our customers,” a Microsoft spokesperson says. “We encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers. To increase security we recommend taking additional steps like turning on multi-factor authentication.” Microsoft adds a good place to start for beefing up personal account security is its official online safety resources page.