Centrify Mid-Year Data Breach Report: Credential Abuse, a Top Threat of Cyber Attacks

August 5, 2019

It’s hard to believe that we’re already more than halfway through 2019. Or as I like to put it, I’ve already wasted one month of summer without getting outside enough.

Well, one of the reasons why is because here at Centrify we’ve been laser focused on stopping the leading cause of data breaches – privileged access abuse.

We recently looked back at the first half of the year and reviewed the top breaches of 2019. It was no surprise to us that the top cyber breaches in the first half of year were related to credential abuse. The breach analysis underscores the fact that most organizations are still not prepared to protect themselves against privilege-related threats.

High Profile Breaches Still Making Headlines

Many of the highest profile cyber breaches in 2019 were tied directly to shortcomings in Privileged Access Management.

Leading the pack were "Collection #1" and “Collections #2-5”, the nicknames for a massive stockpile of login credentials from a variety of confirmed and alleged data breaches.

Collections #1 accounted for 2.7 billion total records, including 1.2 billion unique e-mail address and password combinations, 773 million unique e-mail addresses, and 21 million unique, plaintext passwords. Meanwhile, the total haul from the Collections #2–5 breaches were even bigger, accounting for 845 gigabytes of stolen data and a staggering 25 billion records.


Other notable breaches in 2019 featuring credential abuse included Dunkin Donuts and Citrix. In the Dunkin Donuts case, the company suffered two credential stuffing attacks in three months whereby hackers used stolen usernames and passwords leaked at other sites to gain unauthorized access to user accounts.

Meanwhile, in the Citrix case, an international hacking group was able to gain access to the company’s internal network and possibly steal up to six terabytes of sensitive documents via “password spraying,” a technique that exploits weak passwords.

Time for Zero Trust Privilege

Centrify’s recent survey, Privileged Access Management in the Modern Threatscape, makes it clear that access management needs to be a top security priority as stolen and abused credentials continue to be the biggest cause of data breaches.

The survey of 1,000 IT decision makers in the U.S. and U.K. highlights  the following:

  • 74% of data breaches involve privileged access abuse
  • 52% of respondents said their companies don’t have a password vault, indicating that a majority of organizations are not even taking the simplest measures to reduce risk and secure access to sensitive data and critical infrastructure
  • 65% of survey respondents are still sharing root or privileged access to systems and data at least somewhat often
  • 55% of organizations are not using PAM to protect their cloud workloads

Cyberattacks will only grow in virulence and volume until the industry truly prioritizes Privileged Access Management, and does so with an approach that is grounded in Zero Trust. By controlling privileged access and minimizing the attack surface, organizations can significantly harden their security posture and greatly reduce risk of a breach.

First step: get a vault! When over half of organizations aren’t taking this most basic step to secure privileged credentials, it’s no surprise that data breaches continue to exploit weak, default, and stolen passwords for privileged access. Centrify now offers a Free Tier password vault for PAM-as-a-Service, available as a subscription on the AWS Marketplace.

If you missed it a couple of months ago, Dr. Chase Cunningham from Forrester was a guest speaker with our own Cybersecurity Evangelist Dr. Torsten George on a webinar that explored this very topic. You can watch it on-demand now: https://www.centrify.com/resources/webinars/at-least-get-a-vault/

There are a variety of steps to take on the maturity path to Zero Trust Privilege, and some are as simple as using MFA for administrative access, vaulting away passwords, etc. These steps can go a long way to reduce the risk that YOUR company makes the data breach headlines in the second half of 2019.

This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.