Phishing: thousands of stolen passwords appear in clear text on Google

A phishing campaign publicly exposed thousands of stolen passwords from companies in the construction and energy industries. The hackers used WordPress sites to host the stolen data. These were then indexed by Google, making them accessible to anyone.

While Google detects more than 18 million malware and phishing emails per day, the platform itself can end up indexing files that contain stolen data. That is what happened after a massive phishing campaign that claimed several companies in the construction and energy sectors as victims. The stolen data was made public, and therefore available to anyone via a simple query on the search engine.

To send their fraudulent emails, the hackers used a Linux server hosted on Microsoft Azure, as well as hacked email addresses, to allay suspicion. An HTML file containing JavaScript code was attached to the message. That code retrieved the victim's information before sending the victim back to a standard login page. “Although this attack may seem simple, it was successful […] to steal the identifiers of more than a thousand employees”, underlines Check Point, which revealed the case.

Hackers make thousands of stolen passwords public

The stolen data was stored on a network of sites built with WordPress. The hackers used the domain names of these sites to process and store the credentials. A file was then created which, by the nature of the server used, was necessarily public; according to Check Point, that server would remain online for two months. A simple Google search is therefore enough to find the stolen passwords.

“Attackers generally prefer to use compromised servers instead of their own infrastructure due to the recognized reputation of existing sites”, explains Check Point. “The more a reputation is recognized, the greater the chances that the mail will not be blocked by security providers”. The company says it has alerted Google to the case, without specifying whether the data in question has been removed from the search engine.

Source: Check Point