<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">
Curious about how StrongDM works? 🤔 Learn more here!
Search
Close icon
Search bar icon

Five Spine-Chilling Credential Theft Stories

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

“It is, I confess, with considerable diffidence, that I approach the strange narrative which I am about to relate. The events which I purpose detailing are of so extraordinary a character that I am quite prepared to meet with an unusual amount of incredulity and scorn. I accept all such beforehand.” Fitz-James O’Brien, What Was It?

Gather ‘round for five, real-life stories of data breach that will haunt your dreams. You’ll find no ghosts, ghouls, or vampires here—though there may be zombies

Read on if you dare…

Marriott: A Haunted Hotel

Marriott acquired Starwood Hotels in 2016 and inherited its faulty IT infrastructure, including a legacy guest reservation system that had been unknowingly compromised in 2014. Per CSO Online, “Starwood’s old system limped on, zombie-like, infected with malware, breached by hackers, and without much by way of continuity of care…” until 2018, when an internal security tool finally detected the problem. By then, attackers had encrypted and most-likely removed password and credit card data from millions of guest records. And the fright doesn’t end there. Marriott continues to face fines, lawsuits, and lost revenue related to the breach. Yikes.

Volkswagen: Is It Possible to Steal a Deceased Person’s Identity?

Apparently so. In March 2021, Audi and Volkswagen learned that an attacker may have obtained the personal data of more than three million individuals in the U.S. and Canada. A marketing services company under Volkswagen’s employ left personal information from potential customers unprotected for 21 months before the leak was discovered. The exposure included driver’s license numbers and in some cases birth dates, Social Security numbers, account or loan numbers, and tax IDs from victims both living and dead.

Stradis Healthcare: The Call Came From Inside the House

In March of 2020, a VP at Stradis Healthcare was fired. Before leaving, he created a fake-user admin account on the company’s network. He then was able to create a second illegitimate account which he used to sabotage thousands of records, causing hundreds of thousands of dollars in damage and delaying the shipment of much-needed supplies to healthcare customers. A ghoulish act indeed.

Kroger: Misery Loves Company?

In early 2021, Kroger joined the growing list of Accellion attack victims. The breach has impacted more than a hundred companies, universities, organizations, and even government agencies. Exposed data included human resources information, pharmacy records, and financials services records. So far, the breach has cost Kroger $5 million. 

Capturerx: What Lurks in the Dark?

Health IT company CaptureRx helps hospitals manage their 340B drug pricing program claims. But in February 2021, a ransomware attack exposed thousands of patient files. The compromised files contained protected health data including patient names, birthdates, and prescription information. So far, this ransomware attack on a third-party vendor has impacted more than million patients at multiple healthcare institutions.

"I can assure you," said I, "that it will take a very tangible ghost to frighten me.” H.G. Wells, The Red Room

Take heart dear reader. Although credential-based attacks can happen to anyone, with a little planning and the right tools, you can catch them early and often prevent them altogether.

Want to learn more? Sign up for our no BS demo and see for yourself. And stay tuned for our next seasonal blog post: Turkey with a Side of Credential Stuffing … or maybe not.


About the Author

, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

IP Whitelisting: Meaning, Alternatives & More
IP Whitelisting: Meaning, Alternatives & More [2024 Guide]
IP whitelisting is a security strategy that restricts access to a network/system to a specified list of trusted IP addresses. This approach ensures that only individuals using the approved addresses can access certain resources.
How to List Users in Linux (9 Methods with Examples)
How to List Users in Linux (9 Methods with Examples)
Need to keep tabs on who has access to your organization’s Linux system? This guide explores nine methods, with examples, that can help you quickly list users.
SCP Command in Linux: 10 Essential Examples
SCP Command in Linux: 10 Essential Examples
Discover 10 ways to leverage the SCP command in Linux. Learn how to incorporate options for specific file transfers and how to deal with common errors.
CyberArk-Wiz Partnership: Cloud Security or Cloud Confusion?
CyberArk-Wiz Partnership: Cloud Security or Cloud Confusion?
Yesterday, CyberArk announced a new partnership with Wiz, where they’re touting “complete visibility and control for cloud-created identities.” I know I’ve had my fun poking holes at CyberArk in the past, but with this announcement, they’ve just handed the world a glaringly tone-deaf admission of being outdated, un-innovative, and uninterested in what enterprise security teams actually want.
The State of AI in Cybersecurity Report by StrongDM
The State of AI in Cybersecurity Report by StrongDM
Artificial intelligence is reshaping industries across the board, and cybersecurity is no exception. But as AI evolves, so do the threats that keep cybersecurity professionals up at night. Just how serious is the concern? According to a StrongDM survey of 600 cybersecurity professionals, AI-driven threats are emerging as one of the top concerns for the future of cybersecurity.