It has been a year since the massive AT&T data breach shook the digital landscape — an incident affecting 73 million current and former customers stretching back to 2019. While the $177 million settlement and complimentary credit monitoring may signal closure for AT&T, for the individuals affected and every other business online, this event could be only the beginning.
Once customer data enters the dark web, its impact reverberates for years. This data is bought, sold, and repurposed time and again in countless fraud schemes.
Learn more →To all CISOs, cybersecurity managers, and fraud prevention experts out there — pull up a chair. We need to talk about something both utterly shocking and yet unbelievably common.
It’s about the recent McDonald’s data breach that affected 64 million job applicants through a vulnerability so basic it’s almost cartoonish: the password “123456.”
The Golden Arches’ Glaring Security Gap
This wasn’t a sophisticated nation-state attack or a zero-day exploit. This was a facepalm moment brought to you by a third-party AI system, Paradox.ai, which provides the McHire platform for screening candidates.
Learn more →Recent news brought this topic close to home: Troy Hunt, a renowned security expert and the creator of Have I Been Pwned (HIBP), recently shared that he fell victim to a sneaky phishing attack targeting his Mailchimp account.
Troy received an email that looked like it was from Mailchimp, claiming there was a spam complaint and that he needed to log in to resolve it. Being tired and a bit jet-lagged, he clicked the link and entered his credentials — only to realize moments later it was a fake site. The attackers immediately used this access to export his blog’s mailing list, containing around 16,000 records.
Learn more →The recent news of 23andMe filing for bankruptcy resonates deeply for anyone in fraud prevention. While reports highlight various financial struggles for the genetic testing company, the seeds of this downfall were significantly sown by the massive 2023 data breach that began with credential stuffing attacks.
What Happened
Attackers leveraged credentials compromised elsewhere — that consumers unfortunately reused on their 23andMe accounts — to expose sensitive genetic and ancestry data of over 6.9 million customers.
Learn more →The PowerSchool data leak serves as a stark reminder of the critical importance of protecting user credentials — implementing a service to check whether usernames and passwords are known to be compromised, and enforcing a strong password change policy.
What Happened
Hackers gained access to PowerSchool’s system — likely through stolen credentials — exploiting a vulnerability in the PowerSource support portal. This highlights a common attack vector: compromised credentials. Weak passwords, phishing scams, or credential reuse across platforms can grant unauthorized access to sensitive data.
Learn more →