Investigation showed that scammers manually access 91% of compromised accounts within a week, 50% within 12 hours, and used them to send bulk credential phishing messages.
The Office of the Attorney General of New York has recorded 1.1 million compromised accounts. The stolen logins were put to use in credential stuffing attacks against a variety of "well-known" online retail, food and delivery businesses.
Airbus has confirmed a data breach that exposed confidential business information via a partner airline’s compromised account. Threat actors compromised a Turkish Airlines employee account using the Redline info-stealer malware in August 2023.