<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">
How much is access costing your organization? Find out now with our ROI calculator.

Five Spine-Chilling Credential Theft Stories

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

“It is, I confess, with considerable diffidence, that I approach the strange narrative which I am about to relate. The events which I purpose detailing are of so extraordinary a character that I am quite prepared to meet with an unusual amount of incredulity and scorn. I accept all such beforehand.” Fitz-James O’Brien, What Was It?

Gather ‘round for five, real-life stories of data breach that will haunt your dreams. You’ll find no ghosts, ghouls, or vampires here—though there may be zombies

Read on if you dare…

Marriott: A Haunted Hotel

Marriott acquired Starwood Hotels in 2016 and inherited its faulty IT infrastructure, including a legacy guest reservation system that had been unknowingly compromised in 2014. Per CSO Online, “Starwood’s old system limped on, zombie-like, infected with malware, breached by hackers, and without much by way of continuity of care…” until 2018, when an internal security tool finally detected the problem. By then, attackers had encrypted and most-likely removed password and credit card data from millions of guest records. And the fright doesn’t end there. Marriott continues to face fines, lawsuits, and lost revenue related to the breach. Yikes.

Volkswagen: Is It Possible to Steal a Deceased Person’s Identity?

Apparently so. In March 2021, Audi and Volkswagen learned that an attacker may have obtained the personal data of more than three million individuals in the U.S. and Canada. A marketing services company under Volkswagen’s employ left personal information from potential customers unprotected for 21 months before the leak was discovered. The exposure included driver’s license numbers and in some cases birth dates, Social Security numbers, account or loan numbers, and tax IDs from victims both living and dead.

Stradis Healthcare: The Call Came From Inside the House

In March of 2020, a VP at Stradis Healthcare was fired. Before leaving, he created a fake-user admin account on the company’s network. He then was able to create a second illegitimate account which he used to sabotage thousands of records, causing hundreds of thousands of dollars in damage and delaying the shipment of much-needed supplies to healthcare customers. A ghoulish act indeed.

Kroger: Misery Loves Company?

In early 2021, Kroger joined the growing list of Accellion attack victims. The breach has impacted more than a hundred companies, universities, organizations, and even government agencies. Exposed data included human resources information, pharmacy records, and financials services records. So far, the breach has cost Kroger $5 million. 

Capturerx: What Lurks in the Dark?

Health IT company CaptureRx helps hospitals manage their 340B drug pricing program claims. But in February 2021, a ransomware attack exposed thousands of patient files. The compromised files contained protected health data including patient names, birthdates, and prescription information. So far, this ransomware attack on a third-party vendor has impacted more than million patients at multiple healthcare institutions.

"I can assure you," said I, "that it will take a very tangible ghost to frighten me.” H.G. Wells, The Red Room

Take heart dear reader. Although credential-based attacks can happen to anyone, with a little planning and the right tools, you can catch them early and often prevent them altogether.

Want to learn more? Sign up for our no BS demo and see for yourself. And stay tuned for our next seasonal blog post: Turkey with a Side of Credential Stuffing … or maybe not.


About the Author

, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

7 Cyber Insurance Requirements (And How to Meet Them)
7 Cyber Insurance Requirements (And How to Meet Them)
Organizations must meet comprehensive cyber insurance requirements to qualify for coverage. This article defines seven key cybersecurity insurance requirements. Adhering to these requirements will ensure you’ve covered your bases in case of a claim.
Augmenting PAM with StrongDM: Getting to Dynamic Access
Augmenting PAM with StrongDM: Getting to Dynamic Access
We constantly hear about the gender gap in technology. Whether it’s the shortage of female founders and CEOs, claims of discrimination, or the comparatively small number of women in computer science majors, it seems that the issue has become a regular feature story in the news cycle. Disagreement over how to respond abounds on social media, in editorials, and not infrequently within tech companies themselves.
33+ Must-Know Women In Tech Statistics
33+ Must-Know Women In Tech Statistics for 2023
We constantly hear about the gender gap in technology. Whether it’s the shortage of female founders and CEOs, claims of discrimination, or the comparatively small number of women in computer science majors, it seems that the issue has become a regular feature story in the news cycle. Disagreement over how to respond abounds on social media, in editorials, and not infrequently within tech companies themselves.
SD-WAN vs. VPN: All You Need to Know
SD-WAN vs. VPN: All You Need to Know
Networking decisions can be challenging, and no one wants to make a costly mistake. The information in this article will help you understand how SD-WAN and VPN compare, so you can decide which option fits your organization best. You can find a networking solution that provides your employees with a secure internet connection while meeting your business needs and budget.
What is Cloud Scalability? Examples, Benefits, and More
What is Cloud Scalability? Examples, Benefits, and More
Cloud computing isn’t a trend, it’s how businesses grow. In 2022, most enterprises said they use cloud services, and more than half say they plan to spend even more on cloud applications and infrastructure in 2023. Cloud scalability offers flexibility at a reasonable price, making it an important business tool. In this article we’ll discuss what scalability is in cloud computing, the benefits of cloud computing scalability, and discuss ways businesses use scalability.