Clumsy Hackers Leave Thousands Of Stolen Credentials Exposed To Google Search
Do you know when thieves leave their stolen goods out on the front porch for all to see, just because? We didn't think so. Sometimes hackers can be the dumber equivalent of thieves, as we have now found out. It appears that hackers behind a global phishing campaign did not protect their stolen goods and left them out for Google to index.
Phishing campaigns are incredibly effective methods by which someone or a group collects passwords, usernames, and other information from uneducated targets. This campaign mistakenly shared its haul with the world operated by having fake Microsoft Office 365 login screens and then redirecting it to the proper location. They were successful enough with this endeavor to collect around 1,000 login credentials for corporate O365 accounts, which is a security headache. Moreover, according to researchers at Check Point, they were successful in evading anti-virus and email scanning techniques.