After ransomware attack, company finds 650+ breached credentials from NEW Cooperative CEO, employees

Digital identity management firm FYEO says it has discovered hundreds of instances of breached credentials from employees of NEW Cooperative, the Iowa-based farm service provider hit with a ransomware attack in recent days. 

Tammy Kahn, COO of FYEO, told ZDNet that when researchers searched through the company’s database, they found 653 instances of breached credentials connected to NEW Cooperative.

The password “chicken1” was common among the company’s 120 employees and was used over 10 times.

Kahn added that the firm’s CEO Brent Bunte appeared to have the second highest number of instances of breached credentials while other current executives also had passwords that had been leaked. 

NEW Cooperative did not respond to multiple requests for comment.

“The NewCoop ransomware situation is concerning for a number of reasons, the first being that hackers are still going after critical infrastructure and seeking to disrupt supply chains even when explicitly stating otherwise. Beyond that, it’s indicative of a larger problem: password management,” Kahn said. 

“We saw that the Colonial Pipeline breach was ultimately a result of a bad password, and it’s likely a similar case here. A majority of internet users and the companies they work for are likely sitting ducks for hackers as they have a limited number of stale passwords and believe someone else should take responsibility for cybersecurity.”

FYEO built an active domain intelligence database of over 20 billion leaked credentials and passwords, offering alerts any time email addresses and passwords resulting from third party breaches appear on the darknet. 

By running the domain through the database, they found the 653 instances of credentials that have previously been exposed.

Dozens of studies — and previous ransomware incidents or breaches — have shown that leaked passwords are one of the easiest ways cyberattackers routinely gain access to systems. The problem has gotten so bad that some companies, like Microsoft, are doing away with passwords altogether. 

“Until organizations find ways to empower their employees to…