Stolen credentials, basic security lapses at core of 2012 breaches (Search Security)
A common thread could be woven through the high-profile data breaches that took place in 2012. Attackers are targeting basic security lapses and configuration errors, or bypassing security systems altogether by using stolen account credentials to appear as a legitimate user on the network.
Any organization that allows access to databases full of customer usernames and passwords without biometric authentication is asking for trouble. First, the number of people who have this sort of access should be limited to as few individuals as possible, and those should be the types of people who understand both why the security measures are necessary and how to use them.