The OTP-generating firm has some of the top giants as clients including Google, Facebook, Amazon, Apple, Microsoft, Signal, Telegram and Twitter, etc.
A hacker appears to be selling sensitive data they claim to have stolen from an OTP-generating company. This particular company has some of the most popular tech and business giants on its list of customers including Google, Facebook, Amazon, Emirates, Apple, Microsoft, Signal, Telegram, and Twitter accounts, etc.
The same hacker is also claiming to have real-time access to the one-time-password (OTP) system of the company. However, the InfoSec researcher behind the discovery of this alleged breach Rajshekar Rajaharia disagrees with the hacker.
The seller was active on the dark web forum for a long time claiming to sell live access to OTP and 2FA but from what we have seen there are some chances that the data might be old as we have found some clues that changes have been made with dates. Nevertheless, we are still invesitgating because data seems real otherwise, Rajaharia told Hackread.com.
What type of data is being sold?
Rajaharia also shared sample data with Hackread.com which confirmed the presence of One-time codes and although they may not all be usable or valid today, a buyer could potentially find important working stuff in there depending on the platform and its policies.
Amongst other information, it offered to reveal 50GB of exfiltrated data. The access price was dropped from an initial tag of $18,000 to $5,000. Although the firm’s name was mentioned in the listi ..