Security company finds thousands of stolen passwords exposed on Google without any protection
Recently, the American computer security company Check Point publicly disclosed a phishing campaign.
Thousands of login IDs and passwords were exposed in plain text on Google. The passwords were stolen from companies in rather sensitive sectors such as energy or construction. Once the phishing had succeeded, the hacker used two WordPress sites to host the stolen login data. Unfortunately for them, and for the victims, these websites were indexed by Google, which made the information accessible to anyone using the search engine.
In practice, the Mountain View giant detects an average of nearly 18 million malware and phishing emails per day. As a result, it is not uncommon for the search engine to automatically index a platform that contains stolen data. That is certainly what happened in our case.
For some reason, the energy and construction sectors were apparently the targets of the hackers in this phishing campaign. A data leak in this context is quite a delicate matter. Indeed, a simple search query is enough for anyone to find this information and, of course, use it as they see fit.
To send their phishing emails more easily, the hackers used a Linux server hosted on Microsoft Azure. They also used hacked email addresses, which are supposed to help deflect suspicion. The phishing email carried an HTML file as an attachment. This file included JavaScript code that collected some of the victims' information and then directed them to a login page presenting a classic form.
"While this attack may seem simple, it has managed to […] steal the identifiers of more than a thousand employees," says computer security solutions publisher Check Point.
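For mail triage, the pattern described above (an HTML attachment carrying script that leads to a login form) can be flagged before delivery. The following is an added example, not code from Check Point or from the original article; the function names, the three heuristics and the sample message (including the placeholder host `collector.example`) are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class AttachmentScan(HTMLParser):
    """Counts the HTML features this triage heuristic looks at."""
    def __init__(self):
        super().__init__()
        self.scripts, self.password_fields, self.form_actions = 0, 0, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.scripts += 1
        elif tag == "form":
            self.form_actions.append((a.get("action") or "").lower())
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1

def triage_message(raw: bytes):
    """Return [(filename, [reasons])] for HTML attachments worth a closer look."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        is_html_name = name.lower().endswith((".htm", ".html"))
        if part.get_content_type() != "text/html" and not is_html_name:
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # .html sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        scan = AttachmentScan()
        scan.feed(body)
        reasons = []
        if scan.scripts:
            reasons.append("embedded-script")
        if scan.password_fields:
            reasons.append("password-field")
        if any(u.startswith(("http://", "https://")) for u in scan.form_actions):
            reasons.append("remote-form-action")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed sample message; host and file name are placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Scanned document"
    msg.set_content("See attached.")
    html = ('<html><script>/* placeholder */</script><form action='
            '"https://collector.example/p"><input type="password"></form></html>')
    msg.add_attachment(html, subtype="html", filename="scan.html")
    return msg.as_bytes()
```

A hit is a reason to quarantine or inspect the attachment, not proof of phishing, since legitimate HTML attachments can also contain script.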
Apparently, the cyber criminals who stole this information used domain names on WordPress to host it. The problem is that they used already known domain names, which clearly facilitated indexing by Google's search engine. The problem is that the server will have to stay online for 2 months if the hackers decide to get rid of it.
"Attackers generally prefer to use compromised servers instead of their own infrastructure because of the recognized reputation of existing sites," says Check Point. "The more a reputation is recognized, the more likely it is that the email will not be blocked by security providers."
According to Check Point, it has warned Google. For now, it remains to be seen whether the search engine will remove the data.