HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

Operation Endgame 4.0 Leaks 154K Email Addresses and 500K Passwords from SocGholish Malware Network

International authorities dismantled the SocGholish malware operation, revealing 154 000 compromised email addresses and over 500 000 passwords. The breach underscores the need for robust SOC 2 access‑control policies, MFA, and documented security‑awareness training.

LiveThreat™ Intelligence · 📅 June 19, 2026· 📰 haveibeenpwned.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
4 recommended
📰
Source
haveibeenpwned.com

Operation Endgame 4.0 Leaks 154 K Email Addresses and 500 K Passwords from SocGholish Malware Network

What Happened – On 18 June 2026, international law‑enforcement agencies dismantled the SocGholish malware distribution operation in “Operation Endgame 4.0.” The takedown uncovered ≈ 154 000 compromised email addresses and more than 500 000 previously unseen passwords that had been harvested from the compromised sites.

Why It Matters for Compliance & Audit Readiness

  • Credential theft is a classic trigger for SOC 2 CC6.1 (Logical Access) and CC6.2 (User Access Management) – controls that must be documented, enforced, and continuously monitored.
  • Demonstrating timely password rotation, mandatory multi‑factor authentication, and security‑awareness training provides concrete audit evidence that your organization mitigates the exact risk highlighted by this breach.
  • Verisq’s SOC 2 Access Controls capability helps you capture and retain the necessary logs, policy attestations, and user‑training records to prove readiness during an audit.

Who Is Affected – Any organization whose employees or customers used the exposed credentials, spanning technology SaaS, financial services, retail, and other sectors that rely on email/password authentication.

Recommended Actions

  • Force password resets for all accounts that may have used the exposed credentials.
  • Enforce organization‑wide two‑factor authentication (2FA) wherever possible.
  • Verify that your logical‑access policies (SOC 2 CC6.x) are up‑to‑date and that evidence of enforcement (e.g., MFA logs, password‑change tickets) is retained.
  • Conduct a security‑awareness refresher focused on credential hygiene and phishing resistance.

Technical Notes – The breach originated from the SocGholish malware distribution network, a large‑scale “malvertising” operation that harvested credentials via malicious web pages. No specific CVE is associated; the vector was a malicious‑website supply chain. Source: https://haveibeenpwned.com/Breach/OperationEndgame4

📰 Original Source
https://haveibeenpwned.com/Breach/OperationEndgame4

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →