Security News > 2022 > February > Nigerian hacker pleads guilty to stealing payroll deposits
A Nigerian national named Charles Onus has pled guilty in the District Court of the Southern District of New York to hacking into a payroll company's user accounts and stealing payroll deposits.
According to the indictment and the statements made in court, Onus was actively involved in a scheme that took over user accounts of company employees across the United States and stole payroll deposits by diverting the salary payments to debit cards under his control.
This malicious activity started in July 2017, and until the time of his arrest, Onus had compromised 5,500 user accounts to divert a total of $800,000 in payroll funds.
The threat actor used credential stuffing attacks to gain access to accounts at a human resources and payroll company responsible for making salary payments for other company's employees.
"After a Company user account was compromised, the bank account information designated by the user of the account was changed so that Onus would receive the user's payroll to a prepaid debit card that was under Onus' control," details the DOJ announcement.
Users should utilize a password manager and unique passwords at every site they have an account to prevent a data breach at one site, affecting their accounts at other sites.