A phishing campaign publicly exposed thousands of stolen passwords from companies in the construction and energy industries. The hackers used WordPress sites to host the stolen data. These files were then indexed by Google, making them accessible to anyone.
While Google detects more than 18 million malware and phishing emails per day, the search engine itself can end up indexing files that contain stolen data. That is what happened after a massive phishing campaign that hit several companies in the construction and energy sectors. The stolen data was made public, and therefore available to anyone via a simple query on the search engine.
Hackers make thousands of stolen passwords public
The stolen data was stored on a network of sites built with WordPress. The hackers used the domain names of these sites to process and store the credentials. A file was then created, which necessarily became public because of the nature of the server used, which, according to Check Point, would remain online for two months. A simple Google search is therefore enough to find the stolen passwords.
“Attackers generally prefer to use compromised servers instead of their own infrastructure due to the recognized reputation of existing sites,” explains Check Point. “The more a reputation is recognized, the greater the chances that the mail will not be blocked by security providers.” The company says it has alerted Google to the case, without specifying whether the data in question has been removed from the search engine.
Source: Check Point