Crucial Lessons Gained & Strategic Steps Forward: Mastering the Art of Progress


Imagine this: your entire business gets derailed by a string of just eight characters. Scary, right? Unfortunately, the constant barrage of password-based cyberattacks highlights the frightening ease with which cybercriminals can abuse vulnerable credentials and wreak havoc on businesses like yours.

Password attacks come in various forms, from phishing schemes that trick your employees into handing over their login information to underground markets where criminals trade stolen credentials.

Regardless of the method, once they have a valid password, these bad actors can do everything from stealing your data to taking over critical business systems.

Don’t believe it? Nearly half (49%) of incidents in Verizon’s 2023 Data Breach Investigations Report involved compromised passwords.

Notable password-related cyberattacks

Let’s take a closer look at some high-profile password attacks from 2023:


Primarily known for its genetic testing and ancestry services, 23andMe disclosed that a hacker was offering to sell names, locations, and other data for half of its 14 million users.

This incident was traced back to credential stuffing, where attackers use stolen login information or guess credentials to gain unauthorized access.


While Norton is usually recognized for its antivirus protection, the company’s security was compromised due to a credential stuffing attack involving its own Norton Lifelock Password Manager. Norton revealed that nearly a million customers were affected, with data from 6,500 users being compromised.


In late August, Freecycle, the online charity that helps divert reusable goods from landfills, sent out an urgent request for members to change their passwords.

According to a hacker’s online claim, the breach involved up to seven million accounts, with user IDs, emails, and hashed passwords being exposed. Freecycle said the attack might have started years ago when a server was left vulnerable, emphasizing the importance of changing passwords, especially if the same ones are used for other services.

Recovering from a compromised password security incident

While the specific steps for responding to a security breach will vary depending on the scope, there are some best practices you can follow to minimize the damage:

1. Issue a ‘Reset All Passwords’ directive

By cutting off cybercriminals' access, you can prevent further consequences from the initial breach. This involves clearly communicating to all employees and customers the need to change their passwords immediately. To simplify this process for your employees, you can use a self-service password reset tool, which also reduces helpdesk calls.

2. Assemble an incident response team

If you haven’t already prepared for a cybersecurity incident, it’s time to gather the appropriate stakeholders and develop an action plan. This typically includes your IT department, legal counsel, and marketing communications teams responsible for informing affected parties. You might also need third-party assistance to conduct digital forensics and fully understand the attack’s impact.

3. Notify those whose personal information has been compromised

Effective data breach disclosure should be comprehensive and clear, and should include next steps. Make sure you have answers to the most anticipated questions and provide simple ways for people to contact you for more information. Offer recommendations on how to safeguard their data, such as the password reset directive mentioned earlier.

Password best practices for 2024

Defending your business against password attacks doesn’t require reinventing the wheel. In many cases, companies just need to follow standard protective measures.

Start with education. Regularly train your employees in password security and make them aware of the risks associated with using the same passwords across multiple services.

Since cybercriminals may trade lists of previously compromised credentials, it’s also crucial to routinely monitor your business’s risk exposure.

Tools like Specops Password Policy, which continuously scans your Active Directory for compromised passwords, enable you to shift from reactive to proactive password security.

Passwords serve as the keys to some of the world’s most valuable information and systems. By implementing the right technologies and procedures, you can improve your chances of keeping those keys out of the wrong hands.

Article sponsored and written by Specops Software.

Don’t let your business become another statistic. Contact us to learn how ZZ Servers can help you safeguard your company’s digital assets and ensure a robust cybersecurity posture.
