Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 23andMe Breach Started With Recycled Passwords In October 2023, genetic testing company 23andMe confirmed that attackers accessed roughly 6.9 million user profiles. The method wasn't some exotic zero-day exploit. It was credential stuffing — threat actors took username and password combinations leaked from other breaches and simply

Carl B. Johnson Jan 20, 2024 7 min read
Strong Passwords

Strong Password Examples That Actually Stop Hackers

The Password That Cost One Company $4.4 Billion In 2017, Equifax suffered a breach that exposed 147 million records and eventually cost the company over $4 billion in total losses and settlements. One of the contributing factors? Weak internal credential management. The admin username and password for a critical

Carl B. Johnson Dec 11, 2023 7 min read
Incident Response Plan Template

Incident Response Plan Template: Build Yours Today

In September 2023, MGM Resorts watched helplessly as a social engineering attack — reportedly initiated through a phone call to their help desk — cascaded into a full-blown operational shutdown. Slot machines went dark. Hotel room keys stopped working. The estimated cost exceeded $100 million. MGM had cybersecurity tools. What they lacked

Carl B. Johnson Dec 11, 2023 7 min read
Incident Response

How to Respond to a Cyberattack: A Step-by-Step Guide

In September 2023, MGM Resorts International watched helplessly as a single social engineering phone call spiraled into a cyberattack that cost the company over $100 million. Slot machines went dark. Hotel room keys stopped working. Reservations collapsed. And it all started because a threat actor called the help desk and

Carl B. Johnson Dec 11, 2023 7 min read
Incident Response

Cyber Incident Response Steps: A Practical Playbook

The 37 Minutes That Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider social-engineered an MGM Resorts help desk employee. Within 37 minutes, they had enough access to cripple one of the world's largest casino and hotel operators. Slot machines went dark. Hotel

Carl B. Johnson Dec 11, 2023 7 min read
Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

The Threat That Already Has a Badge and a Password In January 2023, the FBI arrested a former GE employee and a collaborator for stealing trade secrets related to turbine technology — a scheme that had been running for years. The insider had legitimate access the entire time. No firewall stopped

Carl B. Johnson Dec 09, 2023 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In January 2023, a former Tesla employee leaked the personal information of over 75,000 people — names, Social Security numbers, financial records — to a foreign news outlet. Tesla confirmed the breach wasn't caused by a sophisticated threat actor or a zero-day exploit. It was an insider. If you

Carl B. Johnson Dec 09, 2023 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: The Real Threat

Two Employees, Two Paths to a Breach In May 2023, Tesla disclosed that two former employees had leaked the personal data of over 75,000 workers — including Social Security numbers and financial records — to a German news outlet. That wasn't a sophisticated nation-state hack. It was insiders walking

Carl B. Johnson Dec 09, 2023 7 min read