HaveIBeenPwned is a platform where people can search for their email address to find out whether it was exposed to hackers in a data breach. But what if the platform itself gets infiltrated and its entire database leaks to cyber crooks?
Well, unconfirmed reports state that the entire database owned by Microsoft Regional Director Troy Hunt was hacked by cyber criminals through an unknown vulnerability. All of the data is said to be in the hands of threat actors, who are now running an extortion campaign and threatening to leak the information if their demand for Bitcoins remains unheeded.
Troy is yet to confirm the incident, but one of his social media posts acknowledged it to a certain extent!
The hackers have released a news update stating that they now hold the database, filled with millions of email addresses, and that it will later be sold to the highest bidder if the non-profit organization doesn’t bow to their demands.

Wait, the threat doesn’t end here! The threat actors added in their statement that they will start informing customers and business partners of the website about the hack, to tarnish the image of the website internationally.
The hackers seem to work with a vengeance, as they are threatening to use black hat SEO techniques to de-index the website in all countries, so that the website loses traffic forever.
The criminals have demanded $2500 BTC, and if Troy and his staff miss the payment within a time frame of 72 hours, all of the above-stated threats are sure to be carried out.
A new hacking group named ‘Team Montesano’ has claimed responsibility for the attack and is apparently being linked to the Lapsus$ ransomware group.
Source: Cybersecurity-Insiders