As we see evidence of time and again, threat actors don’t always hack—sometimes they simply log in. The PowerSchool breach is the latest example of how credential-based attacks are surging, putting organizations of every type at greater risk. A single weak password, an unmonitored app, or a misconfigured access policy can become the entry point for a major breach. Recent incidents highlight how hackers exploit identity blind spots, making stronger credentials and better identity hygiene practices a top priority.
A Closer Look at Identity-Related Breaches
Despite significant investments in tools designed to protect against credential theft, breaches and incidents persist. Why? Many organizations face a visibility problem that existing tools fail to address. Inadequate insight into how identities are actively used across their app ecosystems creates an unmonitored attack surface for threat actors to exploit. Visibility, or observability in some circles, is the foundation of effective security, and without it, even the best tools can’t offer protection.
Consider the recent PowerSchool breach, where hackers reportedly stole all historical student and teacher data, including sensitive personal and academic records. According to TechCrunch, the incident underscores how vulnerable educational institutions remain when it comes to identity security. Poor password hygiene and a lack of real-time monitoring allowed attackers to exfiltrate vast amounts of data, compromising years of information for countless individuals. This breach highlights the urgency for schools and other organizations to prioritize robust identity protection measures, such as enforcing MFA, monitoring app usage, and identifying risks before they can be exploited.
The past two years have seen several high-profile breaches originating from compromised credentials:
- Microsoft Exchange (2023): Attackers exploited a legacy account with no Multi-factor Authentication (MFA), exfiltrating sensitive data and disrupting global operations.
- Internet Archive (2024): Weak password practices exposed 31 million user accounts, including bcrypt-hashed passwords.
- Evolve Bank (2024): A ransomware attack compromised 7.6 million records after attackers gained unauthorized access.
These incidents underscore a troubling reality: passwords remain a critical vulnerability. When organizations fail to enforce strong credentials and good identity hygiene, like enforcing the use of MFA, they leave themselves open to attacks that are both preventable and predictable.
The Identity Crisis
The shift to SaaS apps has revolutionized how organizations operate, offering flexibility and scalability. However, decentralized app adoption introduces unmanaged risk:
- Shadow IT: Employees bypass IT approval to adopt unsanctioned SaaS apps, leaving organizations unaware of who is accessing what—and how.
- Dormant Accounts: Incomplete offboarding processes leave orphaned accounts active, creating easy targets for attackers.
Even sanctioned apps can become entry points for threat actors if access controls are not properly managed. Without visibility, organizations remain in the dark about potential threats.
Tools like SSO, MFA, and IGA are foundational to modern security strategies but are not foolproof. Attackers frequently exploit:
- SSO Bypass: Users log in directly to SaaS apps, sidestepping security protocols.
- MFA Coverage Gaps: Many apps remain unprotected due to inconsistent enforcement or lack of integration.
- App-to-App Connections: Integrations between apps create unmonitored entry points if not properly governed.
These gaps are often invisible to traditional IAM tools, making them prime targets for attackers. Continuous monitoring and validation are essential to close these vulnerabilities.
Prioritize Credential Hygiene for a Stronger Defense
Improving credential hygiene is no longer optional—it’s a necessity in today’s threat landscape. Credentials are often the first line of defense, and weak or reused passwords provide cybercriminals with an easy gateway into your environment. Attackers rely on tactics like credential stuffing and phishing, which exploit poor password practices and allow them to bypass traditional security measures. In fact, many breaches result not from sophisticated hacks but from a failure to secure basic identity credentials.
Organizations must recognize that credential hygiene isn’t just about meeting compliance standards—it’s about preventing real-world breaches. Creating and enforcing policies that require strong, unique passwords is a critical first step, as is mandating regular updates to minimize the risk of credential exposure.
Consistent MFA coverage is equally essential, as it adds a vital second layer of protection against compromised credentials. Even if a password is stolen, MFA can prevent unauthorized access. However, gaps in MFA coverage—such as unprotected apps or misconfigured setups—can undermine its effectiveness, making continuous validation a must.
To go beyond basic measures, organizations should leverage automated tools that streamline access reviews and offboarding. These tools play a crucial role in eliminating dormant accounts, which are often overlooked but can become high-risk entry points. Automated workflows also ensure unnecessary permissions are promptly removed, reducing the likelihood of privilege misuse.
Why Comprehensive Visibility is Critical
Credential hygiene efforts are only as effective as the organization’s ability to see and address risks in real time. Comprehensive visibility into all SaaS apps, users, and identities provides the foundation for a strong security strategy by enabling organizations to:
- Validate MFA Configurations: Ensure every app, whether sanctioned or unsanctioned, is fully secured with MFA, closing coverage gaps that attackers frequently exploit.
- Monitor App-to-App Connections: As SaaS environments grow more interconnected, app-to-app integrations can introduce vulnerabilities if not monitored. Real-time insights allow teams to detect and respond to suspicious activity quickly.
- Remediate Risks Proactively: The faster vulnerabilities are identified, the less chance they have to escalate into full-blown breaches. Automated tools enable immediate remediation of weak passwords, unused accounts, and excessive permissions.
Credential hygiene isn’t just a box to check—it’s the backbone of a resilient identity security strategy. Organizations that prioritize it are far better equipped to defend against today’s most common attack vectors.
The Cost of Inaction
Neglecting credential hygiene and identity security comes at a steep price:
- Financial Losses: Breaches result in penalties, legal fees, and operational costs.
- Reputational Damage: High-profile incidents erode customer trust and long-term business viability.
- Operational Disruption: Breaches delay projects, disrupt workflows, and strain IT teams.
These consequences are preventable—but only with proactive measures.
Taking a Proactive Approach
To combat identity risks, organizations must shift to a proactive security posture, starting with comprehensive visibility. Modern solutions should provide:
- Real-Time Insights: Track all identities, both human and non-human, and the apps they access.
- Continuous Monitoring: Address risks like SSO bypass and shadow IT immediately.
- Automated Workflows: Ensure seamless enforcement of security policies without disrupting productivity.
Educating employees about credential hygiene further strengthens defenses, empowering them to recognize and avoid risky behaviors.
The Bottom Line: Remediate accounts that are one password away from a breach The reality is that every organization is one password away from a breach in some form. By investing in tools and processes that enhance visibility, enforce credential hygiene, and automate security workflows, companies can protect themselves from avoidable risks.
