Password Breach & URL Hijack

 
 

We are writing to inform you of two significant cybersecurity developments that may impact individuals and organizations worldwide. These incidents highlight the growing risk of online scams and data leaks targeting consumers and businesses alike.


1. Major Brand Websites Hijacked to Promote Scams

According to recent reports from Malwarebytes, scammers have successfully hijacked the search functionality on the legitimate websites of several major brands, including Bank of America, Netflix, Microsoft, and others, via ads placed on those websites. Through these ads, malicious actors inserted fake customer support phone numbers into the site's service support search results, directing unsuspecting users to fraudulent call centers. The URL shown in the browser is still correct and as expected.

This type of scam, known as "search hijacking", is designed to deceive users searching for help and trick them into providing sensitive information or making payments to fraudsters.

What you should do:

  • Be extremely cautious when searching for customer support phone numbers online.

  • Avoid calling phone numbers displayed in search results or pop-ups—always confirm them directly from the company's official "Contact Us" page.

  • Remain alert to unsolicited calls claiming to be from support representatives.


Additional Resources:

For more details, please review the Malwarebytes article: Scammers Hijack Websites of Bank of America, Netflix, Microsoft, and More


2. Billions of Stolen Credentials Leaked Online

In a separate but equally concerning development, Cybernews has reported that data stolen predominantly by infostealer malware was posted on the web, exposing over 16 billion records. This massive dataset includes usernames, passwords, and other sensitive information harvested from infected devices worldwide.

The databases in question have reportedly been removed by their unknown owner. However, the exposed credentials may have already been copied or sold, and the threat remains active.

The exposed data poses a threat to personal and organizational security, as cybercriminals can use these credentials for:

  • Account takeovers

  • Identity theft

  • Financial fraud

  • Phishing campaigns

  • Further malware distribution

The data does include duplicates and multiple entries for the same individuals. It is a combination of old and recently harvested information.

Our recommendation remains the same as it was before this news: everyone should assume that their sensitive information, including usernames and passwords used at third-party sites, is compromised and publicly available.

What you should do to protect your personal accounts:

  • We recommend changing the passwords for your sensitive personal online accounts, prioritizing accounts where you have reused the same passwords, e.g., banking, email, online shopping, streaming services, social media, cloud storage, work-related accounts, and any other platforms where you store personal, financial, or sensitive information.

  • Enable strong multi-factor authentication (MFA) wherever possible. Avoid SMS text for authentication, and if possible, use an MFA application such as Google Authenticator.

  • Consider implementing passkeys or other passwordless login options for personal accounts that support them.

  • If not already in place, consider using a password manager, such as Keeper, to generate and store strong, unique passwords for each site, and to store your passkeys.

  • Regularly monitor your financial accounts and online services for unusual activity.

  • Consider placing credit freezes with the three main credit agencies and signing up for credit monitoring to help detect identity theft.

  • Be aware that some leaked databases included stolen session cookies, which may allow attackers to hijack active sessions without needing passwords. Log out of sensitive websites after use.

  • Make sure you have a good endpoint malware protection system active and updated on your personal PCs and Macs, e.g., Windows Defender or Malwarebytes.

  • Stay vigilant for suspicious emails or messages requesting account access or personal information.

For our managed clients, we have layers of protection in place to protect your corporate user identity and data. Please ask your HalcyonFT representative if you have any questions or concerns.


Additional Resources:

You can learn more about this data leak by reading the full report from Cybernews: Billions of Credentials Exposed in Infostealers Data Leak

 

Best regards,

— Your HalcyonFT Team

 
 

 
 
 
 
