<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

Meet StrongDM in person at Oktane 2023! Book a meeting with us here.

Five Spine-Chilling Credential Theft Stories

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

“It is, I confess, with considerable diffidence, that I approach the strange narrative which I am about to relate. The events which I purpose detailing are of so extraordinary a character that I am quite prepared to meet with an unusual amount of incredulity and scorn. I accept all such beforehand.” Fitz-James O’Brien, What Was It?

Gather ‘round for five, real-life stories of data breach that will haunt your dreams. You’ll find no ghosts, ghouls, or vampires here—though there may be zombies

Read on if you dare…

Marriott: A Haunted Hotel

Marriott acquired Starwood Hotels in 2016 and inherited its faulty IT infrastructure, including a legacy guest reservation system that had been unknowingly compromised in 2014. Per CSO Online, “Starwood’s old system limped on, zombie-like, infected with malware, breached by hackers, and without much by way of continuity of care…” until 2018, when an internal security tool finally detected the problem. By then, attackers had encrypted and most-likely removed password and credit card data from millions of guest records. And the fright doesn’t end there. Marriott continues to face fines, lawsuits, and lost revenue related to the breach. Yikes.

Volkswagen: Is It Possible to Steal a Deceased Person’s Identity?

Apparently so. In March 2021, Audi and Volkswagen learned that an attacker may have obtained the personal data of more than three million individuals in the U.S. and Canada. A marketing services company under Volkswagen’s employ left personal information from potential customers unprotected for 21 months before the leak was discovered. The exposure included driver’s license numbers and in some cases birth dates, Social Security numbers, account or loan numbers, and tax IDs from victims both living and dead.

Stradis Healthcare: The Call Came From Inside the House

In March of 2020, a VP at Stradis Healthcare was fired. Before leaving, he created a fake-user admin account on the company’s network. He then was able to create a second illegitimate account which he used to sabotage thousands of records, causing hundreds of thousands of dollars in damage and delaying the shipment of much-needed supplies to healthcare customers. A ghoulish act indeed.

Kroger: Misery Loves Company?

In early 2021, Kroger joined the growing list of Accellion attack victims. The breach has impacted more than a hundred companies, universities, organizations, and even government agencies. Exposed data included human resources information, pharmacy records, and financials services records. So far, the breach has cost Kroger $5 million. 

Capturerx: What Lurks in the Dark?

Health IT company CaptureRx helps hospitals manage their 340B drug pricing program claims. But in February 2021, a ransomware attack exposed thousands of patient files. The compromised files contained protected health data including patient names, birthdates, and prescription information. So far, this ransomware attack on a third-party vendor has impacted more than million patients at multiple healthcare institutions.

"I can assure you," said I, "that it will take a very tangible ghost to frighten me.” H.G. Wells, The Red Room

Take heart dear reader. Although credential-based attacks can happen to anyone, with a little planning and the right tools, you can catch them early and often prevent them altogether.

Want to learn more? Sign up for our no BS demo and see for yourself. And stay tuned for our next seasonal blog post: Turkey with a Side of Credential Stuffing … or maybe not.


About the Author

, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

Unlocking Zero Trust: The Kipling Method for Policy Writing
Unlocking Zero Trust: The Kipling Method for Policy Writing
To embark on a successful Zero Trust journey, it's crucial to articulate and implement policies that align seamlessly with your business model. The Kipling Method serves as a guiding light in this endeavor. Let's delve into the six fundamental questions it poses.
Simplifying AWS Access with StrongDM Without Compromising Security Posture
Simplifying AWS Access with StrongDM Without Compromising Security Posture
Since Amazon Web Services first announced it in 2011, AWS IAM has evolved to become the gateway to the AWS Cloud. Organizations cannot interact with their cloud resources and its many services without it. Identity, not networking, is the real access boundary.
Privilege Escalation Attack Explained (How to Prevent It)
Cyber Resilience: The Why, the How, and the Way to a Better Framework
Cyber Resilience: The Why, the How, and the Way to a Better Framework
In today's rapidly evolving digital landscape, the concept of cyber resilience has taken center stage. This resilience refers to an organization's capacity to not only withstand but thrive in the face of cyber emergencies, such as the escalating menace of cyber attacks. This article delves into the critical importance of cyber resilience, shedding light on the ever-growing challenges and threats faced by organizations today, and how the right framework, like StrongDM, can fortify an organization's defenses and ensure uninterrupted operations in the wake of unexpected cyber incidents.
Break Glass Explained: Why You Need It for Privileged Accounts
Break Glass Explained: Why You Need It for Privileged Accounts
Identity and access management (IAM) and privileged access management (PAM) are critical security tools for modern organizations. However, they can sometimes bar users from accessing critical systems and services, potentially impacting production, customer experience, and cybersecurity. In urgent cases, a method of bypassing normal security controls to regain access—called “break glass”—is needed. In this post, we’ll walk you through the break-glass process—what it is, why it’s important, and how to execute it.