Computer Security News and Insights
In 2023, a single reused password gave threat actors access to 23andMe's credential-stuffing attack, exposing the genetic data of nearly 7 million users. The attackers didn't exploit some exotic zero-day vulnerability. They just tried stolen username-password pairs from other breaches — and millions of them worked. If
In 2024, a single set of stolen Snowflake credentials led to the breach of over 165 organizations — including Ticketmaster and AT&T — exposing hundreds of millions of customer records. The root cause wasn't some exotic zero-day exploit. It was reused passwords without multi-factor authentication. Every one of
In 2023, MGM Resorts lost an estimated $100 million after a threat actor bypassed their security by social engineering the help desk into resetting an employee's credentials — credentials that lacked properly enforced multi-factor authentication at critical junctures. That single phone call cascaded into one of the most expensive
A Single Stolen Password Cost This Company Everything In May 2021, a single compromised password shut down Colonial Pipeline and triggered fuel shortages across the U.S. East Coast. The attackers used a leaked VPN credential — one that had no multi-factor authentication protecting it. That one missing layer of security
In September 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider bypassed the company's authentication controls using a simple social engineering phone call. The attackers didn't crack a password vault or exploit a zero-day. They convinced a help desk employee to
The 24 Billion Stolen Passwords Sitting on the Dark Web Researchers at Digital Shadows found over 24 billion username-and-password combinations circulating on dark web marketplaces. That number keeps climbing. If you're still asking why use a password manager, the stolen credential economy already answered for you — your reused
The 80% Problem Nobody Wants to Talk About The 2024 Verizon Data Breach Investigations Report found that stolen credentials were involved in roughly 31% of all breaches over the past decade — and that human-element breaches, including credential theft and phishing, accounted for nearly 68% of incidents in their latest dataset.
The 59-Second Crack That Cost a Hospital Chain Everything In 2023, CommonSpirit Health disclosed a ransomware attack that disrupted operations across more than 140 hospitals. Post-incident analysis pointed to compromised credentials as a key factor. The password in question wasn't "password123" — it was a seemingly reasonable
The 277 Days You Can't Afford According to IBM's Cost of a Data Breach Report, the average organization takes 277 days to identify and contain a breach. That's nine months of a threat actor living inside your network, exfiltrating data, escalating privileges, and setting
The Breach That Proved "We'll Figure It Out" Doesn't Work In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to their help desk. The threat actors impersonated an employee, gained access to
