Standing Intelligence Requirements

For the most up to date list of ZeroFox Threat Research’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Details

Onebip, an Italy-based mobile payment provider, in which 2,927,777 email addresses were leaked, which were subsequently shared on a deep web platform. Of these, 2,595,636 records were successfully linked to plain-text passwords. The threat actor did not disclose the ultimate source of the data breach or how it was exploited.

Recommendations

• If not already enabled, turn on the compromised credentials rule for all relevant entities and ensure relevant emails are entered for those entities, or reach out to [email protected] for assistance
• If one of your entities receives an alert, ZeroFox recommends immediate password changes for the affected account
• Enable multi-factor authentication for all of your organizational accounts to help mitigate phishing and credential stuffing attacks