Singapore markets close in 1 hour 51 minutes
  • Straits Times Index

    2,993.13
    -24.02 (-0.80%)
     
  • Nikkei

    28,631.45
    -125.41 (-0.44%)
     
  • Hang Seng

    29,533.28
    -394.48 (-1.32%)
     
  • FTSE 100

    6,715.42
    -24.97 (-0.37%)
     
  • BTC-USD

    31,785.64
    +1,217.93 (+3.98%)
     
  • CMC Crypto 200

    625.45
    +15.46 (+2.53%)
     
  • S&P 500

    3,853.07
    +1.22 (+0.03%)
     
  • Dow

    31,176.01
    -12.39 (-0.04%)
     
  • Nasdaq

    13,530.92
    0.00 (0.00%)
     
  • Gold

    1,860.80
    -5.10 (-0.27%)
     
  • Crude Oil

    52.43
    -0.70 (-1.32%)
     
  • 10-Yr Bond

    1.1090
    0.0000 (0.00%)
     
  • FTSE Bursa Malaysia

    1,602.30
    +7.50 (+0.47%)
     
  • Jakarta Composite Index

    6,295.14
    -118.75 (-1.85%)
     
  • PSE Index

    7,045.83
    -94.46 (-1.32%)
     

Hacker sells access to hundreds of corporate executives' email accounts

Jon Fingas
·Associate Editor
·1-min read

Hackers are fond of hijacking email accounts, and one of them may have obtained a motherlode of potential targets. ZDNet and Gizmodo report that a hacker is selling claimed access to “hundreds” of C-suite executives’ Microsoft-based email accounts, including CEOs, vice presidents and directors. The targets include the chief of a mid-sized American software company, the president of a US apparel maker and the CFO of a European retail chain.

The accounts are on the market in a limited-access Russian underground forum and sell for $100 to $1,500 each depending on the value. Threat intelligence firm KELA noted the hacker might have obtained the account logins by buying data from computers infected with a data-stealing AzorUlt trojan.

A source for ZDNet claimed to have confirmed authenticity of two accounts, although it’s not certain if that holds for every victim. That same tipster is also notifying companies whose information is known to have leaked.

If the login theft is as successful as it seems, it could hurt both the executives and their workers. This could be used for relatively common scams that fool rank-and-file staff into sending money to hackers posing as company leaders. The accounts might also help with blackmail and extortion campaigns. Intruders could even crack other accounts by using the access to defeat email-based two-factor authentication. To put it another way, the damage could extend well beyond the leaders themselves.