One Criminal, 50 Hacked Organizations, And All Because MFA Wasn't Turned On
The Register, Tuesday, January 6th, 2026
Crim used infostealer to get cloud credentials
If you don't say "yes way" to MFA, the consequences can be disastrous. Sensitive data belonging to about 50 global enterprises is listed for sale - and, in some cases, has already been sold - on the dark web following a major infostealer campaign, with apparent victims including American utility engineering firm Pickett and Associates; Japan's homebuilding giant Sekisui House; and Spain's largest airline Iberia.
The thief, who goes by the moniker Zestix or Sentap, steals data from corporate file-sharing portals by using compromised cloud credentials obtained from information-stealing malware. And none of the purported victims enforced multi-factor authentication (MFA), according to Hudson Rock, an Israeli cybersecurity company that specializes in infostealers.