Read also: Spanish police detain fraudsters who stole €12M via fake bank sites, Sony and Lexar-trusted encryption provider has leaked critical business data since May 2021, and more

It’s rare that a week goes by without at least one data breach making the news. Criminals are targeting companies of all sizes to see if they can slip past their digital defenses and steal confidential data.

The CashApp data breach was caused by a former employee who accessed customer financial reports as an act of revenge against the company after their employment was terminated. According to the April 2, 2022 filing with the Securities Exchange Commission by Block (CashApp’s parent company), the employee required access to the financial reports as part of their daily duties.

Credentials are a set of attributes that uniquely identify an entity such as a person, an organization, a service or a device. According to IBM’s Cost of a data breach report, compromised credentials were the primary attack vector of 19% of the data breaches the study highlights. A 2021 data breach report by ITRC reveals that cyberattacks, including credential stuffing, made up 88% of data breaches in Q3 of 2022.

Cyberattacks are still big business and on the rise. Despite substantial increases in cybersecurity spending, many businesses aren’t taking enough action to mitigate their risks. While a significant data breach in itself is a scary concept, the costs of inaction and the subsequent charges associated with investigations, penalty fines and reputational damage should worry you even more.

My colleague, 1Password Senior Security Specialist (and all round stand-up guy) Chris Butler, and I recently chatted about a trend that’s emerged over the past few years: attempts to capitalize on cybersecurity incidents through self-promotion.

The Uber data breach began with the purchase of stolen credentials belonging to an Uber employee from a dark web marketplace. The hacker tried to log into Uber’s network with these credentials but was unsuccessful because the account was protected by MFA. To overcome this security barrier, the hacker contacted the employee and, while pretending to be a member of Uber’s security team, asked them to accept the MFA push notification sent to their phone.

Read also: An FBI-wanted leader of the “Zeus” gang arrested in Geneva, hundreds of Amazon RDS instances leak personal data, and more.

Cloud storage misconfigurations continue to become more prevalent and problematic for organizations as they expand their cloud infrastructure, driving the importance of technologies such as cloud security posture management (CSPM) as crucial tools for protectors everywhere. Consider the recently reported public exposure of data associated with some Microsoft customers and prospects.

‍Dark web monitoring is the process of tracking your organization’s information on the dark web. Dark web monitoring solutions can scan through billions of pages on the internet to find leaked or stolen information, such as compromised passwords, credentials, intellectual property, and other sensitive data being shared and sold among cybercriminals operating on the dark web.