Identity Theft (part 1)
Identity theft, as cyber attacks go, is pretty easy to understand – a threat actor gains control of a user’s credentials (identity) and then attacks the service (organisation), posing as that user. There are nuances, but that is the attack in the briefest of terms.
Credential and identity theft are being undertaken by the threat actor community on an industrial scale, through info-stealing malware, social engineering attacks, phishing emails, compromised websites, user carelessness, etc. The shift in recent years by organisations large and small to a SaaS (Software-as-a-Service) operating model, and the success of Microsoft 365 and Google Workspace in facilitating this move, have greatly increased the attack surface. Some may also point at the increase in forward-looking organisations who value their teams and offer hybrid working as a risk factor – but from experience a user is as likely to give away their credentials in a secure office as they are to do it sitting at the dining room table.
Why does the move to SaaS encourage identity theft?
The move to SaaS has increased the amount of work your people do online in their browsers – and many of them save valuable credentials in those browsers. Even if they use the Word app on their laptop, the resulting document will be stored in SharePoint or OneDrive in the cloud. These are two of the main reasons that threat actors are actively involved in stealing and/or buying (from the Dark Web) credentials: those credentials can unlock vast resources of information, opening the doors to exploitation and monetisation of the hack.
Identity Theft and the Snowflake Attack
2024 turned out to be the “Year of Identity Theft”, with many organisations, such as Microsoft and MGM Resorts, suffering breaches that could be traced to an employee’s identity being misused (Push Security, 2025). However, the breach at Snowflake – a US-based cloud data storage company providing data services to a range of multinational companies such as Ticketmaster and Santander Bank – made the headlines as one of the largest data breaches ever. The personal information of hundreds of millions of clients of 165 organisations using Snowflake was exposed in this data breach. The attack and the subsequent response by the organisations and users impacted made world headlines (Lakshmanan, 2024).
How?
For the how, and your takeaway on this type of identity attack, you will need to read part two, on CyberAwake.