cPanel Access Brokerage Thrives in Cybercrime Markets
Summary
Hide ▲
Show ▼
Threat actors are actively trading compromised cPanel credentials in underground markets, offering them as ready-to-use infrastructure for phishing and scam campaigns. Research by Flare security analysts reveals a structured ecosystem where cPanel access is commoditized, with pricing tiers based on quality, geography, and infrastructure reputation. Compromised cPanels enable a wide range of malicious activities, including deploying backdoors, creating admin users, and exfiltrating sensitive data. The analysis highlights that over 1.5 million internet-connected servers run cPanel, making it a prime target for attackers. Common compromise vectors include credential abuse, web application exploits, and server-level vulnerabilities. The market for these credentials is highly commoditized, with sellers repeatedly advertising the same inventory across multiple fraudulent chat groups. Organizations are advised to enable multi-factor authentication, enforce strong passwords, and monitor outbound SMTP activity to mitigate the risk of cPanel compromise.
Timeline
-
03.03.2026 17:01 1 articles · 2h ago
Flare Research Reveals Structured Underground Market for Compromised cPanel Access
Flare security researchers analyzed activity across monitored fraudulent groups over a seven-day period, showing a structured ecosystem operating at scale. The analysis revealed that compromised cPanel credentials are actively traded in underground markets, with pricing tiers based on quality, geography, and infrastructure reputation. The research highlights the widespread availability of these credentials and the various malicious activities they enable.
Show sources
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets — www.bleepingcomputer.com — 03.03.2026 17:01
Information Snippets
-
Over 200,000 posts referencing cPanel access were analyzed over a seven-day period, with 90% being duplicates.
First reported: 03.03.2026 17:011 source, 1 articleShow sources
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets — www.bleepingcomputer.com — 03.03.2026 17:01
-
cPanel access is sold in bulk, with pricing tiers differentiating quality, geography, and infrastructure reputation.
First reported: 03.03.2026 17:011 source, 1 articleShow sources
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets — www.bleepingcomputer.com — 03.03.2026 17:01
-
Compromised cPanels enable activities such as deploying backdoors, creating admin users, and exfiltrating sensitive data.
First reported: 03.03.2026 17:011 source, 1 articleShow sources
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets — www.bleepingcomputer.com — 03.03.2026 17:01
-
Common compromise vectors include credential abuse, web application exploits, and server-level vulnerabilities.
First reported: 03.03.2026 17:011 source, 1 articleShow sources
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets — www.bleepingcomputer.com — 03.03.2026 17:01
-
Over 1.5 million internet-connected servers run cPanel, making it a prime target for attackers.
First reported: 03.03.2026 17:011 source, 1 articleShow sources
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets — www.bleepingcomputer.com — 03.03.2026 17:01