Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

Password Manager

Why Use a Password Manager: A Security Pro's Take

In January 2022, the Red Cross disclosed a cyberattack that compromised personal data of over 515,000 vulnerable people. The attack exploited unpatched vulnerabilities — but the investigation also revealed compromised credentials as a contributing factor. It's a pattern I see constantly. And every time it happens, I get

Carl B. Johnson Feb 15, 2022 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 61% Problem Nobody Talks About

The 2021 Verizon Data Breach Investigations Report found that 61% of all breaches involved credentials. Not sophisticated zero-day exploits. Not nation-state malware. Passwords. Stolen, reused, guessed, and phished passwords remain the single largest attack vector threat actors exploit today. I've spent years

Carl B. Johnson Feb 15, 2022 6 min read
Strong Passwords

Strong Password Examples That Actually Stop Hackers

In January 2022, a credential stuffing attack hit Norton LifeLock, compromising roughly 925,000 accounts. The common thread? Weak and reused passwords. I've spent years watching organizations hemorrhage data because employees — and everyday users — still think "Company2022!" is a strong password. It's not. This

Carl B. Johnson Feb 15, 2022 6 min read
Incident Response Plan Template

Incident Response Plan Template: Build Yours in 2022

When Colonial Pipeline got hit with ransomware in May 2021, they paid $4.4 million within hours. Their CEO later told a Senate committee the company had an incident response plan — but executing it under pressure exposed gaps nobody anticipated. If a company running critical U.S. infrastructure can stumble,

Carl B. Johnson Feb 10, 2022 8 min read
Incident Response

How to Respond to a Cyberattack: A Step-by-Step Plan

In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised password shut down fuel distribution across the U.S. East Coast. The attack didn't just expose a vulnerability in critical infrastructure — it exposed a truth most organizations ignore: the speed and quality of

Carl B. Johnson Feb 10, 2022 7 min read
Cyber Incident Response Steps

Cyber Incident Response Steps That Actually Work

The Breach That Exposed a Missing Plan

In December 2021, a vulnerability in Apache Log4j sent every security team on the planet into a tailspin. Organizations that had practiced cyber incident response steps mobilized in hours. Those that hadn't? They scrambled, pointed fingers, and lost precious time while

Carl B. Johnson Jan 31, 2022 7 min read
Cybersecurity Incident Examples

Cybersecurity Incident Examples That Changed Everything

The Breach That Cost a Pipeline Its Entire Operation

In May 2021, Colonial Pipeline — the largest fuel pipeline in the United States — shut down completely after a ransomware attack. A single compromised password on a legacy VPN account gave the DarkSide threat actor group everything they needed. The company paid

Carl B. Johnson Jan 18, 2022 6 min read
Cyber Incident Reporting

How to Report a Cyber Incident: A Step-by-Step Guide

The Colonial Pipeline Attack Changed Incident Reporting Forever

In May 2021, the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. East Coast. The company paid a $4.4 million ransom. But here's what most people missed: Colonial Pipeline reported the incident to the FBI

Carl B. Johnson Jan 18, 2022 7 min read