Employees of a large communications firm were targeted by a phishing campaign. Text messages sent to their personal phones contained a link to a malicious site appearing to be the employer’s but designed to harvest username, password, and second-factor code.
Immediately after their incident response team was notified of the campaign, their security operations center opened an investigation, which revealed that 15 employees had entered their credentials into the malicious website. Using the compromised credentials, the hacker accessed internal tools and reset customer email passwords on 27 customer email accounts.
All employees that were compromised had their credentials locked and rotated and the 27 impacted customers had their passwords reset to prevent anyone from accessing the accounts further.