Automated bots test stolen username/password pairs from past breaches against Microsoft 365, Google Workspace, and industry SaaS portals — succeeding when employees reuse passwords across personal and work accounts.
Who is affected
Any cloud-first business without MFA enforcement or password-manager adoption.
Why it matters
Most account takeovers are not sophisticated hacks — they are reused passwords from an old breach, tested at 3 a.m. from another continent.
Recommended actions
- Enforce MFA on all cloud accounts — no exceptions.
- Deploy a business password manager and discourage password reuse.
- Enable impossible-travel and risky-sign-in alerts.
- Rotate passwords immediately if a vendor you use reports a breach.
Need help implementing these protections?
ITNS provides managed IT, cybersecurity, and compliance support across Florida. Tell us about your environment — we will help you prioritize what matters most for your team.
Disclaimer: This advisory is for general awareness only and does not constitute legal or compliance advice. Every environment is different — contact ITNS for guidance specific to your business.