Following the news about the ClixSense data breach, Bob Rudis, Chief Security Data Scientist at Rapid7, commented below.
Bob Rudis, Chief Security Data Scientist at Rapid7:
The ClixSense breach serves as a prescient reminder about the need for comprehensive defences when exposing services and systems to the public internet. Single-factor authentication to critical servers, internal administrative password reuse, and use of the same credentials on critical cloud services powering the ClixSense platform enabled attackers to completely disrupt all ClixSense business & IT processes. The issue here was further compounded due to the lack of proactive system and security monitoring, which may have helped detect the attack. We recommend organisations employ secure storage of user credentials and sensitive information such as social security numbers.