Cybersecurity specialists report that a hacker is selling real-time access to a single-use password system, allowing cybercriminals to access Facebook, Twitter, Google, Amazon, Microsoft, Signal, Telegram accounts, among many others without having to obtain multi-factor authentication codes.
This report should be taken seriously, as a related attack could engage billions of users. In turn, cybersecurity experts point out that this is the consequence of using servers that handle OTP requests from online service users.
The first reports on this hacker were published by researcher Rajshekhar Rajaharia, who mentions that the hacker offers 50 GB of data extracted from multiple sources and webshell access to the OTP generating platform. The seller asks for about $5000 USD in cryptocurrency, although Rajaharia notes that initially the hacker planned to sell this information for about $18000 USD.