Set as Homepage - Add to Favorites

【Naked Poison II】

Source:Feast Information Network Editor:Tech Time:2025-06-26 10:30:31

Hacking email accounts doesn't have Naked Poison IIto be a sophisticated affair.

We are reminded once again of this fact thanks to a report released Friday by the Microsoft Threat Intelligence Center detailing how a group of hackers targeted the email accounts of journalists, government officials, and the campaign of a U.S. presidential candidate. And here's the thing, the bad actors didn't use some fancy 1337computer skills, but rather employed the oldest trick in the book: the password reset.

According to Microsoft, over a 30-day period in August and September of this year, hackers likely affiliated with the Iranian government went after 241 email accounts and successfully compromised four. The MTIC dubbed the group Phosphorous, and explained how the team operated.

You May Also Like

"Phosphorous used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts," reads the blog post. "For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account."

Importantly, MTIC writes that the four compromised accounts were not tied to the U.S. presidential campaign. But, still, this isn't good.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Password-reset features come in many forms, from questions about where you went to high school or your mother's maiden name to sending a link or code to a secondary email address or phone number. The former opens victims up to attack by anyone who knows how Google works, while the latter makes your primary email only as secure as your linked secondary email or cell phone.

A prominent abuse of this feature came in 2008, when a 20-year-old college student accessed Sarah Palin's Yahoo email account. He used information like Palin's ZIP code and birthday to reset her account password and gain access to the email account.

"While the attacks we’re disclosing today were not technically sophisticated," explain MTIC, "they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks."

SEE ALSO: How to find stalkerware on your smartphone

This warning from Microsoft should serve as a reminder to everyone online that a password alone isn't enough to protect your email — especially if someone is motivated to hack the account. Instead, use multi-factor authentication and for the love of god create a unique password.

Oh, and consider ditching those password-reset questions altogether.

Topics Cybersecurity

Previous:Asus VivoWatch 6 AERO measures blood pressure and ECG

Next:The 10 Most Anticipated PC Games of 2017

Related Articles
Related Recommendations
Categories
Latest Articles
Popular Articles
Hot Recommendations
Featured Column

Quick Links

New iPhone leak claims USBLime, Jump, and other bikePeople in Massachusetts can't even spell 'Massachusetts,' according to GoogleInstagram will tell you when you're 'caught up' so you know when to stop scrollingHow California is on the forefront of digital rightsKylie Jenner unveils new black lipstick shade, makes our gothic dreams come trueApple Maps is getting a complete redesignWho the hell does this Jeopardy champion think he is?Scarlett Johansson criticized for taking on trans role in 'Rub & Tug'Why NASA is looking in the Pacific Ocean for unique meteoritesPopular mobile apps aren't protecting your personal dataBran Stark has a sweet message for all of us, after what happened to HodorEurope's 'biggest ever' LSD bust nets €4.5 million in cryptocurrencyFacebook tells Congress apps had access to data after rule changeThe best political jokes of 2018 (so far)Popular mobile apps aren't protecting your personal dataInstagram will tell you when you're 'caught up' so you know when to stop scrollingChinese laundry detergent ad incites fury online for being blatantly racistNeymar gives us the 2018 World Cup flop we truly deserve'The Crew 2' wants to be good but feels so empty Tencent Music partners with Qualcomm to launch AI TikTok launches a new feature to label AI Digital torchbearer to perform at closing ceremony of 19th Asian Games · TechNode Vivo set to unveil self Xiaomi may replace MIUI with self Florasis faces another PR storm following apology · TechNode China and the EU discuss AI and cross ByteDance denies it is abandoning VR business Pico · TechNode EV maker WM Motor suspends in China continues to produce over 95% of Apple's products · TechNode NetEase Youdao releases AI East Buy launches paid membership program as it chases new income source · TechNode Huawei’s intelligent automotive business unit sees management changes · TechNode Geely and Baidu’s JV to deliver first model in October after rebranding · TechNode Great Wall Motor’s NEV sales proportion reaches 30% · TechNode Chinese phone maker Oppo reportedly to restart in US may limit US companies from engaging with China’s entities on RISC BaichuanAI secures $300 million in funding from Alibaba and Tencent · TechNode HoYoverse fails in attempts to bypass App Store’s 30% "Apple Tax" · TechNode Founder of embattled Chinese EV maker reportedly moves to the US · TechNode

1.9617s , 8208.984375 kb

Copyright © 2025 Powered by 【Naked Poison II】,Feast Information Network  

Sitemap

Top

Quick Links