Stolen Credentials Breaches
Discussions focus on how attackers compromised company systems through stolen or weak employee credentials, such as admin/password logins or support accounts, and debate methods like phishing, leaks, or insider access as the cause rather than software vulnerabilities.
Sample Comments
I think it was deep access to one customer's network, and probably their own fault for choosing lame credentials.
We don't know that. Their system could've been compromised in some other way and the password captured.
agreed but the hack was a result of credentials being "admin/password"
The story suggests that remote access has been disabled following a password leak, which suggests some form of malicious attack.
I don't think there was a vulnerability. As I understood it, somebody stole a support person's credentials and logged in with them.
Possibly the credentials were encrypted, but the attackers got the encryption keys as well?
"successfully infiltrated the support staff" - This doesn't rule out that they didn't sniff out their credentials and logged in as them.
Hmmm, it sounded to me more like the person had gained access to other employees' credentials, e.g. usernames/passwords or similar.
This is a pretty hilarious and long-winded way to say "we have no idea how to lock someone out of a web service:"
> 1. While Ruby Central correctly removed access to shared credentials through its enterprise password manager prior to the incident, our staff did not consider the possibility that this credential may have been copied or exfiltrated to other password managers outside of Ruby Central’s visibility or control.
> 2. Ruby Central failed to rotate the AWS root account
There may have been administrative access that was not properly secured.