By Bill Toulas / November 28, 2020

A hacker active on Russian-speaking dark-web forums is selling exclusive access to Office 365 and Microsoft accounts to anyone willing to pay. The cost ranges from $100 to $1,500 per account, and it depends on the rank of the compromised individual.

There is a lot to be found in the offering, from accounts belonging to firm presidents and CEOs to accountants and executive assistants that have rather limited access to a company’s systems.

In general, though, the set concerns high-ranking individuals like the following:

ZDNet reports that they have contacted someone who obtained samples of this data and confirmed its validity. The anonymous source claims to have working usernames and passwords for two CEOs, one belonging to a medium-sized software company in the United States, and one stolen from a CFO of an EU-based retail store chain.

Source: ZDNet

As for how the hacker obtained these credentials, threat intelligence firm KELA has some indications. The firm’s researchers have looked deeper into the particular actor’s activity and found that he/she was previously interested in buying “Azor logs,” which is data that has been scraped by the AZORult trojan. AZORult is capable of stealing email credentials, browser cookies, FileZilla FTP logins, WinSCP credentials, and even cryptocurrency from local wallets.

So, it’s likely that the particular actor got these credentials from other hackers who deployed AZORult on high-ranking employees. This is another example of a lengthy monetization chain that extends further and further, with each actor specializing in a single point. In the end, this information goes to the hacker who will engage in the final exploitation act, making the most out of it, either in money or intelligence.

The compromised persons who now have their credentials bartered on the dark web could easily render that data worthless by setting up MFA verification steps on their accounts. This should be considered an elementary and mandatory security step for all online accounts, especially for Microsoft and Office 365 ones.

