Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Credential stuffing and third-party access: what IAM teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Recent breaches at Qantas, DraftKings, Red Hat, and Veradigm show how credential theft, reuse, and third-party access can expose millions of records across sectors, according to Enzoic. The lesson is simple: credential hygiene and continuous monitoring remain core identity controls, not background tasks.

NHIMG editorial — based on content published by Enzoic: Qantas, DraftKings, and other recent breaches

By the numbers:

Questions worth separating out

Q: What breaks when reused passwords are not screened at login?

A: Reused passwords turn one unrelated breach into a new access path.

Q: Why do third-party credentials create disproportionate breach risk?

A: Third-party credentials often carry trusted access into systems that are not tightly watched like employee logins.

Q: What do security teams get wrong about credential stuffing?

A: They often treat it as a customer nuisance rather than an identity control failure.

Practitioner guidance

  • Block compromised credential reuse at the login layer Use breached-password screening, rate limiting, and step-up checks on repeated login failures so reused credentials cannot become a durable foothold.
  • Inventory and scope every third-party identity Map partner users, delegated access, and shared credentials to specific business purposes.
  • Rotate any credential exposed in a partner incident If a third-party breach occurs, assume downstream trust is contaminated.

What's in the full article

Enzoic's full article covers the incident details this post intentionally leaves at the pattern level:

  • Per-incident summaries for Qantas, DraftKings, Red Hat, and Veradigm with the exact exposure paths involved.
  • Operational guidance on credential monitoring and password hygiene that the source uses to interpret the week’s breaches.
  • The article’s own breach-specific context for why these incidents matter to defenders beyond the initial compromise.
  • Examples of how the same compromise pattern can surface across airline, betting, healthcare, and vendor environments.

👉 Read Enzoic's roundup of recent breaches and credential abuse patterns →

Credential stuffing and third-party access: what IAM teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Credential reuse remains the easiest breach multiplier: When attackers can log in with valid credentials, they bypass much of the control stack that organisations rely on to detect forceful intrusion. The pattern cuts across consumer identity, partner access, and machine-facing accounts because the credential itself becomes the trust anchor. For IAM teams, that means password hygiene and compromised credential monitoring are still frontline controls, not support functions.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • A separate finding shows that lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, with inadequate monitoring and logging and over-privileged accounts both at 37%.

A question worth separating out:

Q: Who is accountable when leaked credentials lead to data exposure?

A: Accountability usually sits across the owning business, the identity team, and any third-party relationship owner. If access was not revoked, scoped, or monitored properly, the failure is governance, not just incident response. Organisations should be able to show which account was used, why it existed, and how it was retired.

👉 Read our full editorial: Recent breaches show credential abuse still drives multi-industry fallout



   
ReplyQuote
Share: