Authentication Intelligence

Every breach that legacy MFA couldn't stop, but MFA 2.0 would have.

Expert analysis of real-world authentication failures — and what phish-proof MFA 2.0 would have changed. Published by Al Lakhani, Founder of IDEE GmbH.

Latest Reports

PraisonAI Authentication Bypass: Default Setting Left AI Framework Exposed
PraisonAI versions 2.5.6 through 4.6.33 shipped with AUTH_ENABLED=False, leaving the /agents and /chat endpoints open to unauthenticated access by default; the issue was published as CVE-2026-44338.
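Added example (not PraisonAI's code, and not taken from the report above): the fail-open default described in the excerpt, beside a fail-closed variant, in Python. The setting names, request shape, loopback rule and bearer-token check are assumptions constructed for illustration; the point is that a flag which defaults to "off" ships an unauthenticated service to every operator who never learned the flag exists, whereas a fail-closed loader treats absence as "on" and refuses to start when auth is disabled on a routable bind.

```python
"""Fail-open vs fail-closed authentication defaults.

Constructed illustration of the defect class described above. This is NOT
PraisonAI's code: the AUTH_ENABLED / BIND_HOST keys, the request dicts, the
loopback rule and the bearer-token check are all assumptions for the example.
"""
import hmac

PROTECTED_PREFIXES = ("/agents", "/chat")       # endpoints that must require auth
LOOPBACK = ("127.0.0.1", "::1", "localhost")


def auth_required_fail_open(env: dict) -> bool:
    """Vulnerable pattern: the flag defaults to False, so a deployment that
    never sets AUTH_ENABLED serves the protected endpoints anonymously."""
    return env.get("AUTH_ENABLED", "False").strip().lower() == "true"


def auth_required_fail_closed(env: dict) -> bool:
    """Hardened pattern: authentication is on unless explicitly switched off,
    and switching it off is only honoured on a loopback bind. Disabling auth
    on a routable address is a startup error rather than a silent exposure."""
    raw = env.get("AUTH_ENABLED", "true").strip().lower()
    if raw in ("", "true", "1", "yes"):
        return True
    if raw not in ("false", "0", "no"):
        # Unrecognised values fail closed instead of being treated as False.
        raise ValueError(f"AUTH_ENABLED={raw!r} is not a recognised value")
    if env.get("BIND_HOST", "0.0.0.0") not in LOOPBACK:
        raise ValueError("refusing to start: AUTH_ENABLED=false on a non-loopback bind")
    return False


def rejects_disabled_auth_on_routable_bind(env: dict) -> bool:
    """True if the fail-closed loader refuses this configuration outright."""
    try:
        auth_required_fail_closed(env)
    except ValueError:
        return True
    return False


def handle(request: dict, env: dict, expected_token: str, policy) -> int:
    """Minimal dispatcher returning an HTTP status code. `policy` is one of
    the two loaders above. The bearer token is compared in constant time."""
    path = request["path"]
    if not path.startswith(PROTECTED_PREFIXES):
        return 200                      # public route, no auth needed
    if not policy(env):
        return 200                      # auth disabled: answers anonymously
    auth_header = request.get("headers", {}).get("Authorization", "")
    scheme, _, token = auth_header.partition(" ")
    if scheme != "Bearer" or not hmac.compare_digest(token.encode(), expected_token.encode()):
        return 401
    return 200


def demo() -> dict:
    """Run both policies against an operator who deployed with all defaults."""
    token = "constructed-example-token"           # constructed secret
    anon = {"path": "/chat", "headers": {}}       # constructed request
    bearer = {"path": "/agents", "headers": {"Authorization": f"Bearer {token}"}}
    default_env: dict = {}                         # AUTH_ENABLED never set
    return {
        "fail_open_anon": handle(anon, default_env, token, auth_required_fail_open),
        "fail_closed_anon": handle(anon, default_env, token, auth_required_fail_closed),
        "fail_closed_bearer": handle(bearer, default_env, token, auth_required_fail_closed),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: HTTP {status}")
```

With the defaults untouched, the fail-open loader answers the anonymous /chat request with 200, the fail-closed loader answers it with 401, and the same request with a valid bearer token succeeds under either policy. Setting AUTH_ENABLED=false with a 0.0.0.0 bind is rejected at load time; the same flag with BIND_HOST=127.0.0.1 is honoured.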
Coupang and Clop Oracle Breaches Reveal Credential Theft as the Persistent Gap
In late 2025, Coupang disclosed that a former employee retained unauthorized access to systems holding data on nearly 34 million customers.
Under Armour: Credential Theft Turned Routine Access Into Ransomware
In November 2025 Under Armour confirmed a ransomware incident that halted operations and exposed customer records.
ShinyHunters OAuth Theft: Legacy MFA Failed Before Any Salesforce Login
ShinyHunters first targeted employees at Salesloft and Drift.
Scattered Spider Bypassed JLR's MFA: Credential Theft Triggered £1.9B Shutdown
In September 2025 Scattered Spider gained initial access to Jaguar Land Rover systems through social engineering that directly targeted employee credentials.
Oracle E-Business Suite Breach: Credentials Turned a Vuln Into Mass Data Theft
In August 2025 the Clop ransomware group targeted Oracle E-Business Suite instances at the University of Phoenix and Aflac.
Scattered Spider Bypassed Legacy MFA at Qantas—Device-Bound Keys Would Have Stopped It
In July 2025 Scattered Spider targeted airlines including Qantas and several retail firms.
16 Billion Leaked Credentials Expose Why Phishable Factors Always Fail
In June 2025, a compilation of usernames and passwords totaling more than 16 billion records surfaced from prior breaches and infostealer malware campaigns.
Scattered Spider Stole Retail Credentials Because Legacy MFA Still Trusted What Could Be Phished
In May 2025 Scattered Spider targeted Marks & Spencer and the Co-operative Group with coordinated social-engineering campaigns that resulted in ransomware deployment and weeks of operational disruption across UK retail…
SK Telecom: 27 Million Users Exposed After Credentials Unlocked BPFDoor
In April 2025, attackers gained initial access to SK Telecom’s systems and deployed the BPFDoor remote access trojan.
Bank Sepah Lost 42 Million Records to Stolen Credentials
In March 2025, the Codebreakers collective gained unauthorized access to Bank Sepah's systems in Iran and extracted 42 million customer records.
Bybit's $1.5B Theft: Wallet Flaw Met Stolen Credentials
In February 2025, the Lazarus Group compromised Bybit's Dubai operations and extracted $1.
Ivanti and SonicWall Zero-Days: Stolen Credentials Turned Exploits Into Full Network Control
In January 2025, nation-state and ransomware operators began actively exploiting multiple zero-day vulnerabilities in Ivanti and SonicWall VPN appliances.
Salt Typhoon Walked In on Stolen Credentials That Legacy MFA Could Not Block
Salt Typhoon, a Chinese state-sponsored group, targeted major U.
DP World: Credential Theft Crippled Ports Because Legacy MFA Could Not Stop It
In November 2024, attackers gained initial access to DP World Australia’s systems through compromised credentials or phishing.
ICMR Breach: Stolen Credentials Opened Government Health Records
In October 2024, multiple large-scale incidents, including continued exposure from Indian Council of Medical Research (ICMR) data, exposed hundreds of millions of health and personal records.
Ticketmaster Breach: Credential Theft Walked Straight Through Legacy MFA
In September 2024 Ticketmaster and parent company Live Nation disclosed a breach that exposed customer information including names, addresses, phone numbers, and partial payment details.
MC2 Breach: Exposed Credentials Show Legacy MFA Cannot Protect Data Stores
In August 2024, MC2 Data suffered unauthorized access that exposed names, addresses, birth dates, email addresses, phone numbers, and passwords belonging to millions of records.
TfL and Western Sydney: Credential Access Exposed Passenger and Student Data
In July 2024, Transport for London and Western Sydney University each suffered unauthorized access that exposed passenger records and student personal data.
MediSecure & Synnovis: Stolen Credentials Delivered Ransomware Into Healthcare Systems
In June 2024 ransomware struck MediSecure, the Australian pharmacy prescription clearinghouse, and Synnovis, the NHS pathology provider in south-east London.
Snowflake 2024: Infostealer Logs and Absent MFA Enabled 165+ Breaches
In early 2024, operators UNC5537 and ShinyHunters harvested credentials through infostealer malware installed on employee endpoints.
Credential Theft Powered 2024 Ransomware Wave — Device-Bound Keys Close the Gap
In April 2024, ransomware groups hit Ascension and other healthcare providers, disrupting operations across multiple states.
National Public Data: 2.9 Billion Records Lost to Exposed Credentials
In early 2024, National Public Data, a major data brokerage firm, suffered a breach that exposed sensitive personal information belonging to nearly 2.
Change Healthcare: One Stolen Credential, Nine Days of Access, Nationwide Disruption
On 21 February 2024 the BlackCat/ALPHV group used a single set of stolen credentials belonging to a low-level support employee.
Midnight Blizzard Used Stolen Credentials to Reach Microsoft Exec Mail
In early 2024 Microsoft confirmed that the Russian nation-state actor Midnight Blizzard had obtained persistent access to senior leadership and security-team mailboxes.
1.5 Billion Records Exposed: How Stolen Credentials Bypassed Every Legacy Control
In December 2023, attackers gained unauthorized access to the Real Estate Wealth Network and walked away with more than 1.
Kid Security Exposed 300 Million Records via Plaintext Credentials in an Open Database
In November 2023 researchers found that Kid Security, a widely used parental control application, had left a database publicly accessible.
ICMR Breach Exposed 815 Million Records Through Simple Credential Gaps
In October 2023 researchers found an exposed database belonging to the Indian Council of Medical Research (ICMR) that held records for more than 815 million people.
Sabre Breach: Credential Theft Let Attackers Walk Off With 1.3 TB
In September 2023, Sabre Corporation disclosed that attackers had exfiltrated roughly 1.
MGM Breach: Social Engineering Bypassed Legacy MFA for 10.6M Records
In September 2023, MGM Resorts confirmed that attackers had gained unauthorized access to its systems the previous month.
UK Electoral Commission Breach: Weak Authentication Exposed 40 Million Voter Records
In July 2023 the UK Electoral Commission revealed that attackers had accessed its systems and obtained personal details belonging to roughly 40 million voters.
MOVEit Zero-Day Showed How Stolen Credentials Turn Supply-Chain Hits Into Disasters
In late May 2023, the Clop group began exploiting a previously unknown SQL injection flaw in Progress Software’s MOVEit Transfer file-transfer application.
8base Ransomware: Compromised Credentials Bypassed Legacy MFA Across Sectors
Throughout May 2023, the 8base ransomware group executed coordinated campaigns against healthcare providers, schools, and government entities.
Shields Healthcare: Credential Theft Exposed 2.3 Million Patient Records
In April 2023 Shields Healthcare Group reported unauthorized access that exposed sensitive records for roughly 2.
OpenAI Smishing Hit: Third-Party Credential Theft Exposed API Metadata
In early 2023 OpenAI disclosed that attackers had obtained limited user metadata from its ChatGPT API service.
Activision Breach: Exposed Credentials Show Why Phishable MFA Fails
In late 2022 an attacker gained unauthorized access to Activision systems through compromised or exposed employee credentials.
Mailchimp: Social Engineering Stole Employee Credentials and Accessed 133 Accounts
In January 2023 Mailchimp disclosed that an attacker used social engineering to obtain credentials belonging to employees and contractors.
LastPass: August Credentials Opened December Cloud Storage Access
In August 2022 an attacker obtained valid developer credentials and associated encryption keys from LastPass.
Medibank: Stolen Credentials Gave Attackers Months of Unfettered Access
In late 2022 attackers gained initial access to Medibank's environment through compromised credentials or a phishing campaign.
Sandworm's 2022 Grid Attack: Stolen Credentials and Living-off-the-Land Tactics
Sandworm operators gained initial access to a Ukrainian energy facility network by June 2022 and maintained persistence until the October cyber-physical strike that caused a power outage timed with missile attacks.
Uber 2022: Social Engineering Bypassed MFA Because Credentials Remained Phishable
In September 2022 a Lapsus$ affiliate obtained an Uber employee's corporate password through direct social engineering.
Advanced Ransomware Attack on NHS Supplier: How Compromised Credentials Exposed the Limits of Legacy MFA
In August 2022, Advanced, a major UK managed service provider supporting NHS emergency and out-of-hours GP services, suffered a ransomware intrusion that produced extended disruption across critical healthcare pathways.
Twitter 2022 Breach: How Credential Exposure Still Wins When Phishable Factors Remain
In July 2022 a dataset containing information on roughly 5.
Nelnet Breach: How Credential Theft Exposed 2.5 Million Borrowers and Why Only Phish-Proof MFA 2.0 Closes the Gap
In June 2022, Nelnet Servicing, one of the largest student loan servicers in the United States, disclosed a breach impacting more than 2.
Costa Rica Government Conti Ransomware Attack: How MFA 2.0 Would Have Broken the Attack Chain at Every Step
When Conti ransomware brought Costa Rica’s government to a standstill in mid-April 2022, the attack followed a now-familiar pattern.
Lapsus$ Microsoft, Samsung, and Ubisoft Breaches: How MFA 2.0 Would Have Broken the Attack Chain at Every Step
In March 2022 the Lapsus$ group executed one of the most visible credential-driven campaigns in recent memory.
Lapsus$ Nvidia Breach: How MFA 2.0 Would Have Broken the Attack Chain at Every Step
In late February 2022, the Lapsus$ group breached Nvidia, exfiltrating roughly one terabyte of sensitive data.
Lapsus$ Okta Breach: How MFA 2.0 Would Have Broken the Attack Chain at Every Step
In January 2022 the Lapsus$ group compromised a third-party customer support engineer’s account at Okta.
Shutterfly Ransomware Attack: How MFA 2.0 Would Have Broken the Attack Chain at Every Step
The Shutterfly ransomware incident in late 2021 followed a now-familiar pattern: attackers used compromised credentials to gain initial access, moved laterally, exfiltrated data, and eventually deployed ransomware that…
Robinhood Breach: How MFA 2.0 Would Have Broken the Attack Chain at Every Step
The November 2021 Robinhood breach exposed personal data of roughly 7 million customers after attackers compromised customer service credentials through social engineering.
Cream Finance $130M DeFi Hack: How MFA 2.0 Would Have Broken the Attack Chain
The Cream Finance breach of October 2021 marked the third major incident for the DeFi lending protocol in a single year.
Kaseya VSA Ransomware: How MFA 2.0 Would Have Stopped a $70M Supply Chain Disaster
On July 2, 2021, the REvil ransomware group executed a devastating supply chain attack through Kaseya VSA, a remote monitoring and management tool trusted by thousands of managed service providers (MSPs).
JBS Ransomware Attack: How Credential Compromise Still Defeats Legacy MFA — And Why Only Phish-Proof MFA 2.0 Closes the Gap
When REvil ransomware struck JBS, the world’s largest meat processor, in late May 2021, the consequences were immediate and visible: slaughterhouses across the US, Canada, and Australia went dark.
Colonial Pipeline Ransomware: How MFA 2.0 Would Have Stopped a National Crisis
The Colonial Pipeline ransomware attack in May 2021 was a wake-up call for critical infrastructure worldwide.
Facebook’s 533 Million User Data Breach: How MFA 2.0 Would Have Stopped the Downstream Damage
The 2021 Facebook data breach, which exposed the personal information of over 533 million users across 106 countries, remains a chilling example of how a single vulnerability can cascade into widespread cybercrime.
CNA Financial Ransomware: How MFA 2.0 Could Have Stopped a $40M Disaster
The CNA Financial ransomware attack in March 2021 stands as a stark reminder of the devastating consequences of phishing and compromised credentials.
Oldsmar Water Hack: How MFA 2.0 Would Have Stopped the Attack Cold
In February 2021, a cyberattack on the Oldsmar, Florida water treatment plant exposed the fragility of critical infrastructure when attackers exploited weak remote access credentials to manipulate chemical levels in the…
SolarWinds SUNBURST: How MFA 2.0 Could Have Stopped a Supply Chain Catastrophe
The SolarWinds SUNBURST attack stands as a stark reminder of the fragility of credential-based security models in the face of sophisticated adversaries.