{"id":4010,"date":"2026-01-07T12:39:32","date_gmt":"2026-01-07T12:39:32","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/01\/07\/mfa-failure-enables-infostealer-breach-at-50-enterprises\/"},"modified":"2026-01-07T12:39:32","modified_gmt":"2026-01-07T12:39:32","slug":"mfa-failure-enables-infostealer-breach-at-50-enterprises","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/01\/07\/mfa-failure-enables-infostealer-breach-at-50-enterprises\/","title":{"rendered":"MFA Failure Enables Infostealer Breach At 50 Enterprises"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\">\n<div id=\"layout-c1ed8791-0344-4029-bf39-8790f64ddf50\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Dozens of global organizations have had highly sensitive corporate and customer information stolen and put up for sale by a threat actor because they didn\u2019t secure cloud systems with multi-factor authentication (MFA), a new report has revealed.<\/p>\n<p>The actor, known as \u201cZestix\u201d (aka \u201cSentap\u201d), scoured the dark web for infostealer logs containing credentials for popular cloud file sharing services ShareFile, Nextcloud\u00a0and OwnCloud, according to Hudson Rock.<\/p>\n<p>He was subsequently able to access, exfiltrate and auction the data stored in these accounts, due to a lack of MFA, the cybersecurity vendor said.<\/p>\n<p>\u201cA critical finding in this investigation is the latency of the threat. 
While some credentials were harvested from recently infected machines, others had been sitting in logs for years, waiting for an actor like Zestix to exploit them,\u201d Hudson Rock explained.<\/p>\n<p>\u201cThis highlights a pervasive failure in credential hygiene; passwords were not rotated, and sessions were never invalidated, turning a years-old infection into a present-day catastrophe.\u201d<\/p>\n<p>The credentials were originally obtained via a number of infostealer variants, including RedLine, Lumma and Vidar.<\/p>\n<p>\u201cBecause the organizations [\u2026] did not enforce MFA, the attacker walks right in through the front door. No exploits, no cookies \u2013 just a password,\u201d noted Hudson Rock.<\/p>\n<p>The financially motivated threat actor appears to be comfortable interacting on closed Russian cybercrime forums, where he presents as an initial access broker (IAB). 
However, the Sentap persona has also been linked to an Iranian national\u00a0and is affiliated with the Funksec cybercrime group, the report claimed.<\/p>\n<h2>A Roll Call of Victims<\/h2>\n<p>Among the organizations caught out by Zestix and named in the report are:<\/p>\n<ul>\n<li>Iberia Airlines, which had 77GB of technical safety and fleet data stolen<\/li>\n<li>Burris &#038; Macomber, a law firm acting as counsel for Mercedes-Benz USA, which spilled over 18GB of customer data, corporate secrets and info on litigation strategy<\/li>\n<li>Maida Health, a Brazilian firm which had over 2TB of health records relating to the Brazilian Military Police stolen<\/li>\n<li>Intecro Robotics, a Turkish defense manufacturer, which had over 11GB of military IP stolen<\/li>\n<\/ul>\n<p>\u201cThe rise of the Zestix threat actor paints a grim picture for 2026: major enterprise breaches are succeeding without needing sophisticated zero-day exploits,\u201d argued Xcape\u2019s John Carberry.<\/p>\n<p>\u201cSomeone can take 77 GB of flight maintenance data with a three-year-old password. That&#8217;s not \u2018hacked\u2019 security; that\u2019s ignored security.\u201d<\/p>\n<\/p><\/div>\n<p><em>Image credit:\u00a0Fasttailwind \/ Shutterstock.com<\/em><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Dozens of global organizations have had highly sensitive corporate and customer information stolen and put up for sale by a threat actor because they didn\u2019t secure cloud systems with multi-factor authentication (MFA), a new report has revealed. 
The actor, known as \u201cZestix\u201d (aka \u201cSentap\u201d) scoured the dark web for infostealer logs containing credentials for popular<\/p>\n","protected":false},"author":2,"featured_media":4011,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4010","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4010-60114220-868c-41ac-ac3d-0da2dd1563f3-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_
link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4010"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4010\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4011"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}