Computer Security News and Insights
The Breach That Started With "Company123!" In September 2023, MGM Resorts lost an estimated $100 million after a threat actor used social engineering to compromise employee credentials. The attack didn't require some sophisticated zero-day exploit. It started with identity — with passwords and people. And it'
In September 2023, MGM Resorts lost an estimated $100 million after a threat actor bypassed their security by socially engineering a helpdesk employee into resetting MFA credentials. Let that sink in. The company had multi-factor authentication. It still wasn't enough — because the multi-factor authentication setup and the processes
In September 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee into resetting credentials — for an account that lacked robust secondary verification. One phone call. One bypassed identity check. Nine-figure damage. If you've ever wondered what is multi-factor authentication and
The 23andMe Breach Started With Recycled Passwords In October 2023, genetic testing company 23andMe confirmed that attackers accessed roughly 6.9 million user profiles. The method wasn't some exotic zero-day exploit. It was credential stuffing — threat actors took username and password combinations leaked from other breaches and simply
The Password That Cost One Company $4.4 Billion In 2017, Equifax suffered a breach that exposed 147 million records and eventually cost the company over $4 billion in total losses and settlements. One of the contributing factors? Weak internal credential management. The admin username and password for a critical
In September 2023, MGM Resorts watched helplessly as a social engineering attack — reportedly initiated through a phone call to their help desk — cascaded into a full-blown operational shutdown. Slot machines went dark. Hotel room keys stopped working. The estimated cost exceeded $100 million. MGM had cybersecurity tools. What they lacked
In September 2023, MGM Resorts International watched helplessly as a single social engineering phone call spiraled into a cyberattack that cost the company over $100 million. Slot machines went dark. Hotel room keys stopped working. Reservations collapsed. And it all started because a threat actor called the help desk and
The 37 Minutes That Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider social-engineered an MGM Resorts help desk employee. Within 37 minutes, they had enough access to cripple one of the world's largest casino and hotel operators. Slot machines went dark. Hotel
A Single Stolen Password Cost One Company $4.4 Million In May 2021, a threat actor used a single compromised password to shut down Colonial Pipeline — the largest fuel pipeline in the United States. The company paid a $4.4 million ransom. Gas stations across the southeastern U.S. ran
The Threat That Already Has a Badge and a Password In January 2023, the FBI arrested a former GE employee and a collaborator for stealing trade secrets related to turbine technology — a scheme that had been running for years. The insider had legitimate access the entire time. No firewall stopped
