September 26, 2022
Fotomay / Shutterstock.com Security researchers are investigating a large-scale phishing attack that targeted over 130 companies,  including financial institutions, messaging services, and telecom operators. The extent of this hacking campaign, dubbed “0ktapus,” may take several years to fully unravel. For clarity, this phishing campaign has nothing to do with LastPass’s recent data breach. But it is…

Fotomay / Shutterstock.com

Security researchers are investigating a large-scale phishing attack that targeted over 130 companies,  including financial institutions, messaging services, and telecom operators. The extent of this hacking campaign, dubbed “0ktapus,” may take several years to fully unravel.

For clarity, this phishing campaign has nothing to do with LastPass’s recent data breach. But it is related to the Twilio and DoorDash attacks that were reported on August 8th and August 25th.

0ktapus Stole Nearly 10,000 Login Credentials

The 0ktapus phishing campaign focuses on major U.S. corporations, minus a few outliers based in other countries across the globe. And surprisingly, the list of 0ktapus targets includes Microsoft, AT&T, Verizon, Coinbase, and Twitter—again, these companies are targets, and we don’t know if they were successfully hacked.

As of August 26th, Twilio and DoorDash are the only major companies that have announced an 0ktapus data breach. Both companies say that user data was accessed by hackers, though Twilio says that login credentials are safe. DoorDash warns that a small group of customers had their login and payment info stolen.

A Cloudflare report explains how the 0ktapus scheme operates. Basically, a…

Read Full Article Source

Leave a Reply

Your email address will not be published.