Attackers Leave Stolen Credentials Searchable on Google Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search. The attackers behind a summer 2020 phishing campaign accidentally exposed the credentials they stole to the public Internet, where they could be discovered with a simple Google search. Related Content: Last August, the operators launched a campaign with malicious emails disguised as Xerox scan notifications, Check Point researchers report in an analysis conducted alongside industrial cybersecurity firm Otorio. Recipients of these emails, which contained their first name or company title in the subject line, were prompted to open an HTML attachment. If the file was opened, a JavaScript code would run in the background to conduct password checks, send the data to the attackers' server, and redirect the victim to a legitimate Microsoft 365 login page, where they could enter credentials.