Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.


Smishing Attacks

Smishing Attack Examples: Real Texts That Steal Data

In February 2021, the FBI warned that threat actors were sending fake text messages impersonating banks, delivery companies, and even state unemployment agencies — all designed to steal credentials and drain accounts. These weren't theoretical risks. The FBI's Internet Crime Complaint Center (IC3) reported over $54 million

Carl B. Johnson Apr 14, 2021 7 min read

Vishing Scam Awareness

Vishing Scam Awareness: Stop Voice Phishing Attacks

In January 2021, the FBI and CISA issued a joint advisory warning about a surge in vishing attacks targeting corporate employees working from home. Threat actors were calling employees directly, impersonating IT help desks, and convincing them to hand over VPN credentials. Within hours, attackers had access to internal networks,

Carl B. Johnson Apr 14, 2021 7 min read

Social Engineering Attacks

Social Engineering Attacks: What Actually Works in 2021

The Phone Call That Cost One Company $75 Million

In 2020, a teenager orchestrated one of the most high-profile social engineering attacks in history. He called Twitter employees, posed as IT staff, and convinced them to hand over credentials to internal tools. Within hours, he'd hijacked accounts belonging

Carl B. Johnson Apr 12, 2021 7 min read

Social Engineering Examples

Social Engineering Examples: Real Attacks That Worked

In July 2020, a 17-year-old from Florida convinced Twitter employees to hand over internal credentials. Within hours, the accounts of Barack Obama, Elon Musk, Joe Biden, and Apple were all posting Bitcoin scam messages. The attacker didn't exploit a software vulnerability. He exploited people. These social engineering examples

Carl B. Johnson Apr 12, 2021 6 min read

Pretexting Attacks

Pretexting Attack Examples: Real Scams That Bypass Security

In 2020, a teenager and two accomplices convinced a Twitter employee they were from the company's IT department. That single phone call gave them access to internal tools, which they used to hijack 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — netting over $100,

Carl B. Johnson Apr 12, 2021 7 min read

Data Breach

What Causes a Data Breach: 7 Real Threats in 2021

In July 2020, Twitter disclosed that attackers had compromised 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — through a social engineering attack targeting employees with access to internal tools. The breach didn't involve some exotic zero-day exploit. It started with phone calls to Twitter

Carl B. Johnson Jan 20, 2021 7 min read

Password Security

Password Security Best Practices That Actually Work

The Breach That Started With a Single Reused Password

In December 2020, the SolarWinds breach dominated every security headline on the planet. But while the world fixated on nation-state threat actors and supply chain attacks, I kept thinking about a detail that emerged early: a SolarWinds intern had reportedly set

Carl B. Johnson Jan 14, 2021 7 min read

Strong Passwords

How to Create a Strong Password: A Practical Guide

In the 2020 Verizon Data Breach Investigations Report, over 80% of hacking-related breaches involved stolen or brute-forced credentials. Not sophisticated zero-day exploits. Not nation-state malware. Passwords. The single thing most people treat as an afterthought is the single thing that gets most organizations compromised. Knowing how to create a strong

Carl B. Johnson Jan 14, 2021 7 min read