The Target: Entrust, a digital cybersecurity firm focused on identity management.
The Take: Sensitive corporate internal data from Entrust’s own IT systems.
The Vector: The attacker used previously compromised Entrust employee credentials to access their internal systems, posing as an authenticated user.
This breach is a critical reminder of the importance of credential authentication and password hygiene. Enforced multi-factor authentication could have prevented the Entrust breach, and enforcing this multi-factor authentication, along with reasonably regular forced password resets, password length and complexity rules, are effective strategies to mitigate these kinds of breaches.