The Office of the Attorney General of New York has recorded 1.1 million compromised accounts. The stolen logins were put to use in credential stuffing attacks against a variety of "well-known" online retail, food and delivery businesses.
Airbus has confirmed a data breach that exposed confidential business information via a partner airline’s compromised account. Threat actors compromised a Turkish Airlines employee account using the Redline info-stealer malware in August 2023.
Investigation showed that scammers manually access 91% of compromised accounts within a week, 50% within 12 hours, and used them to send bulk credential phishing messages.