Stolen Credentials Led to Hacks At Disney, Finastra, Schneider Electric, Microsoft, Roku

The Hacker News reports that cyberattacks using stolen credentials are the dominant security threat facing organizations today, driving 80% of web app breaches in 2023-24. 

Stolen credentials, often sold on the dark web for as little as $10, enabled widespread data breaches at numerous large companies, including Snowflake, Change HealthCare, Finastra, Schneider Electric, Nidec, HealthEquity, Park’N Fly, Roku, and LA County Health Services.

Credential theft is escalating due to the rise of infostealer malware, which harvests usernames, passwords, and session cookies from compromised devices. Attackers sell this data on criminal forums, often targeting accounts with poor security practices like weak passwords or absent multifactor authentication (MFA).

The decentralized adoption of SaaS platforms has expanded the attack surface while security teams struggle to gain visibility into accounts and applications. Major breaches, such as those involving Snowflake, Change Healthcare, and Microsoft, highlight the systemic vulnerabilities tied to credential misuse.

Organizations are ill-prepared to counter credential-based threats. MFA adoption remains insufficient, with 80% of password-only accounts lacking additional protection. Infostealers and SaaS account proliferation have created a fertile environment for attackers.

Threat intelligence, while abundant, often generates false positives, complicating its utility. Traditional security tools designed for network-based attacks are inadequate for detecting and preventing account takeovers.

Law firms and departments that are custodians of sensitive client data are prime targets for credential-based attacks. Legal organizations should counsel clients to ensure mandatory cybersecurity training emphasizes the risks of poor password hygiene, the importance of MFA, and the dangers of information stealer malware.