Security News > 2021 > January > Google Searches Expose Stolen Corporate Credentials

Attackers behind a recently discovered phishing campaign have unintentionally left more than 1,000 stolen credentials available online via simple Google searches, researchers have found.

While this is and of itself is not atypical of phishing campaigns, attackers made a "Simple mistake in their attack chain" that left the credentials they'd stolen exposed to the "Public Internet, across dozens of drop-zone servers used by the attackers," researchers said.

Usually credentials are the crown jewels of an attack, something threat actors keep for themselves so they can sell them on the dark web for profit or use them for their own nefarious purposes.

In this campaign, "With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attackers," researchers wrote.

This is because the attackers stored the stolen credentials in designated webpages on compromised servers, said Lotem Finkelsteen, head of threat intelligence for Check Point Software.

"The attackers didn't think that if they are able to scan the internet for those pages - Google can too," Finkelsteen said in an e-mailed statement.

News URL

https://threatpost.com/attackers-leave-stolen-credentials-google-searches/163220/