By MyCena | Posted on: 12 June 2025

Why Third-Party Access Is The Weakest Link in Enterprise Security

Last month, two major brands, Marks & Spencer (M&S) and Coinbase, became the latest victims in a rising wave of cyberattacks against third-party helpdesks. These weren’t sophisticated zero-day exploits or state-sponsored hacks. They were inside jobs, made possible by human-managed credentials in the hands of third parties.

The fallout? Hundreds of millions in damages, disrupted operations, and shaken customer trust. Here's a breakdown of what went wrong, why it happened, and how MyCena® makes this kind of breach impossible.

What Happened?

Marks & Spencer (M&S)

Hackers infiltrated M&S by exploiting a third-party contractor with access to their systems. Once inside, they stole personal customer data, including contact details and order histories, and disrupted online operations. While financial data wasn’t accessed, the impact was still massive: halted online orders, lost revenue, legal fallout, and shaken customer trust.

  • Estimated losses: £43 million per week in halted sales
  • Market value impact: Over £1.2 billion wiped out
  • Reputational cost: Rising customer complaints and a class-action lawsuit in progress

Coinbase

In Coinbase’s case, attackers bribed overseas customer support contractors to misuse their internal access. This allowed them to extract personal information on customers—names, IDs, masked bank details, and more. Even though login credentials and funds remained untouched, the breach triggered legal action, an extortion attempt, and hundreds of millions in projected losses.

  • Ransom demand: $20 million
  • Projected remediation costs: Between $180 million and $400 million
  • Legal impact: Ongoing DOJ investigation + civil suits over failure to protect user data

Why It Happened

Despite their size and resources, both organizations relied on third parties to access critical systems using traditional identity-based methods—typically usernames and passwords or shared credentials. That’s the problem.

Traditional credential models are inherently flawed.
When credentials are managed by people—whether internal staff or external contractors—they can be phished, shared, reused, sold, or stolen. In both breaches, the attackers didn’t need to break in. They just found someone who already had a key—or made a copy of one.

This is the danger of third-party access in today’s connected supply chains: you inherit every weakness your vendors and partners have.

Here’s how MyCena® makes third-party breaches impossible:

At MyCena®, we’ve eliminated the problem at the root: we remove humans from credential management entirely.

Here’s how MyCena®’s Multi-Layer Dynamic Access Encryption Security (ML-DAES) prevents third-party credential breaches:

  • Unphishable Credentials: MyCena® generates and encrypts credentials automatically—users never see, create, or share passwords. That means nothing to phish, bribe, or mishandle.
  • Access Segmentation: Third-party access is strictly limited by system and role, and each user only gets access to the specific system they need, preventing attackers from moving laterally.
  • No Visibility = No Theft: Without credentials being visible, they can’t be phished, reused, or sold—even under coercion or bribery.
  • Audit-Ready Logs: Every access action is tracked in real time, ensuring full governance and instant audit-readiness across internal and external users.

With MyCena®, there’s no password reset to steal, no spreadsheet to leak, and no third-party weak link to exploit. Our technology removes the human risk factor by eliminating employee-managed credentials entirely, so third-party access doesn’t mean third-party risk.

Final Thought

The M&S and Coinbase breaches are wake-up calls for every business that shares access with partners, vendors, or contractors. You might trust them, but can you trust their cybersecurity practices?

Ask yourself: Would you let vendors make physical copies of your office keys and hand them to unknown staff? That’s exactly what happens when you let humans manage digital credentials.

MyCena® makes that scenario obsolete. With encrypted, automated, segmented access, you stay in control—even when access is shared.

Because when no one sees the keys, no one can steal them.

Ready to make phishing a thing of the past?

Book a demo with MyCena® today and discover how encrypted, employee-free credential management can transform your cybersecurity posture.
