• Office of the Comptroller

A compromised password took down a pipeline – time to update your passwords!

The recent Colonial Pipeline ransomware attack was successful because cybercriminals used a password found on the dark web to access an unused VPN account that did not have multi-factor authorization (MFA).


When users re-use the same or similar passwords on social media, personal, and business accounts, these passwords can be compromised and made available for sale on the dark web. When that happens, cybercriminals can access your banking, credit card, and agency accounts. Here are some ways to protect your personal and agency accounts:

  1. Routinely update your passwords using long and strong passwords, and never re-use the same or similar passwords. (Read our Cybersecurity Tip “Checklist for Safer Passwords” for instructions on building strong passwords for business and personal accounts, as well as your wireless network.)

  2. Always take advantage of multi-factor authentication.

  3. Delete accounts, apps, and games that you no longer use regularly.

See our Cyber Center for additional resources and links for cyber alerts, and contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks.


cybersecurity tip image

28 views0 comments