SECURITY
SECURITY
SECURITY
Hackers steal Office 365 credentials from tech solutions provider PCM
Technology solutions provider PCM Inc. has been successfully hacked with credentials and data relating to clients stolen.
Detailed by Krebs on Security, the hack is said to have been detected in mid-May with those behind the attack able to gain access to client’s email and file sharing services. While better-known for its direct marketing of hardware, PCM is also a re-seller of cloud services, and the latter the is target of those behind the hack.
According to the report, the hackers stole administrative credentials that PCM uses to manage client accounts within Office 365. The intruders are said to have been primarily interested in stealing information that could be used to conduct gift card fraud at various retailers and financial institutions.
PCM confirmed the hack, calling it a “cyber incident that impacted certain of its systems” that affected a limited number of systems and had since been remediated. “The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers,” the company said.
Robert Prigge, president of identity verification firm Jumio Corp. told SiliconANGLE that having personal email hacked is one thing, but having the administrative credentials stolen from PCM — the same credentials they use to manage client accounts within Office 365 — is “next-level.”
“If these hackers can access the Office 365 accounts of PCM’s customers, they can unlock a lot of personal data and sensitive business documents,” Prigge explained. “Think about it — if a hacker has access to your Office 365 account, they can reset your password and lock you out. What’s worse, they may use that same email address as their username for other online accounts.”
Kevin Gosschalk, chief executive officer of fraud prevention technology provider Arkose Labs Inc., said it’s especially dangerous that hackers got access to email and file-sharing systems.
“The lasting impact of this breach — like every data breach involving exposed PII and credentials — is not yet fully realized,” Gosschalk said. “Each breach empowers fraudsters with more ammunition to attack businesses in a highly targeted manner and the large amount of exposed credentials on the dark web is responsible for the steady rise in account takeover attacks. Companies must make it a priority to secure their attack surface so hackers cannot extract economic reward from their company, and sensitive data is protected.”
Photo: Raysonho/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
