“Valid credentials were used for the Three data breach, but was the perpetrator a hacker from outside, or an employee gone bad? The extent of the breach is currently unclear – was the stolen data a list of customers eligible for an upgrade, or was it an entire customer database? Maybe only the data of those people eligible for an upgrade has been used so far? Has data not used for the phone upgrade scam made its way onto the dark web, where it may be used for future phishing and hacking attacks?
Compromised credentials are the cause of many major breaches, and the way into the target network is often through trusted third-party suppliers or contractors who are breached first, and may not have such rigorous security as the real target.
Should the user whose credentials were used have had access to whatever data was stolen? Corporate networks often allow far too much access, to too much data, and to too many systems, rather than only allowing the access appropriate for someone’s job.
Multi-factor authentication, where entering a password is combined with other authentication methods, such as acknowledging a notification on your phone, can be used to stop the use of stolen credentials, and full session recording acts as both a strong deterrent to insider threats and a great tool for forensic analysis.
Three should advise affected customers how they can protect themselves against repercussions of this breach. Changing passwords, especially if using the same one on different websites, is often advised, and people should have a heightened awareness of suspicious activity on bank accounts, and be especially vigilant for phishing mails.”