Proofpoint Platform Exploited to Send Millions of Spoofed Phishing Emails

A hacker exploited a flaw in cybersecurity firm Proofpoint’s email protection platform to send millions of phishing emails while posing as high-profile companies such as IBM, Coca-Cola, Nike, and Walt Disney. Named “EchoSpoofing” by Guardio Security, the campaign ran from January to June, with an average of 3 million phishing emails a day. The hacker was able to bypass Proofpoint’s security measures by exploiting a misconfiguration flaw, which allowed Office365 accounts to interact with Proofpoint’s relay servers.