Posts tagged with multi-factor authentication explain how layered identity verification strengthens access security. Coverage includes MFA implementation strategies, authenticator app comparisons, hardware token options, and best practices for deploying MFA across enterprise environments.
posts
The Breach That Started With "Company123!" In 2024, the credential stuffing attack against Roku compromised over 576,000 accounts. The attackers didn't exploit some exotic zero-day vulnerability. They used passwords stolen from other breaches and tried them against Roku accounts — because people reuse passwords everywhere. That
The Breach That Started With One Reused Password In 2022, a single employee at LastPass reused credentials across personal and work accounts. A threat actor exploited that overlap, eventually compromising encrypted password vaults for millions of users. The irony — a password management company breached because of poor password hygiene — should
In 2023, Verizon's Data Breach Investigations Report found that 74% of all breaches involved the human element — and mobile devices have become the primary attack surface for exploiting that weakness. I've watched organizations spend six figures on perimeter defenses while their employees check corporate email on
A Single Unpatched Laptop Cost One Hospital $3 Million In 2023, the U.S. Department of Health and Human Services settled with a healthcare provider after a ransomware attack that started on one employee's unpatched workstation. The machine hadn't been updated in over 90 days. That
In January 2024, Microsoft disclosed that a Russian-linked threat actor — Midnight Blizzard — breached corporate email accounts by exploiting a legacy test tenant that lacked multi-factor authentication. No zero-day. No sophisticated exploit chain. Just a password spray against an old account that trusted the network it sat on. That's
One Reused Password Cost This Company $4.6 Billion In 2017, a single set of reused credentials let threat actors walk into Equifax's systems and expose 147 million records. The total cost exceeded $4.6 billion when you factor in the FTC settlement, lawsuits, and remediation. One password.
In June 2021, Google disclosed that it had sent over 50,000 warnings to account holders about state-sponsored phishing and malware attempts in just the first three quarters of the year — a 33% increase over the same period in 2020. If you've received a Gmail account access warning,
In March 2021, Google disclosed that it blocks more than 100 million phishing emails daily — and Gmail remains the single largest target for sophisticated credential theft campaigns worldwide. The FBI's Internet Crime Complaint Center (IC3) reported that phishing was the number one crime type by victim count in
In January 2021, a wave of PayPal phishing attacks hit inboxes so convincingly that even security-savvy professionals did a double take. The emails replicated PayPal's branding pixel-for-pixel, warned of "unusual activity" on the recipient's account, and linked to a login page hosted on a
Colonial Pipeline. JBS Foods. SolarWinds. The first half of 2021 has delivered a masterclass in what happens when cyber security fails at scale. Colonial paid $4.4 million in ransom. JBS paid $11 million. And the SolarWinds fallout — which compromised nine federal agencies and over 100 private companies — is still
