Security researchers are investigating a large-scale phishing attack that targeted over 130 companies, including financial institutions, messaging services, and telecom operators. The extent of this hacking campaign, dubbed “0ktapus,” may take several years to fully unravel.
0ktapus Stole Nearly 10,000 Login Credentials
The 0ktapus phishing campaign focuses on major U.S. corporations, minus a few outliers based in other countries across the globe. And surprisingly, the list of 0ktapus targets includes Microsoft, AT&T, Verizon, Coinbase, and Twitter—again, these companies are targets, and we don’t know if they were successfully hacked.
As of August 26th, Twilio and DoorDash are the only major companies that have announced an 0ktapus data breach. Both companies say that user data was accessed by hackers, though Twilio says that login credentials are safe. DoorDash warns that a small group of customers had their login and payment info stolen.
A Cloudflare report explains how the 0ktapus scheme operates. Basically, a…
Read Full Article Source