Many organizations rely on multi-factor authentication (MFA) for identity security. But, while MFA provides an extra layer of security, it’s not enough to secure credentials, often creating a false sense of security. As an example, a new threat from cybercriminal group, Lapsus$ Group, appeared on the FBI's most-wanted list in March 2022, with one attack vector standing out: identities compromised with Infostealer Malware. In most cases, when the infection goes unnoticed, this malware obtains credentials saved in victims’ browsers. Hours, days, or years later, credentials to corporate or personal infrastructures are obtained by threat actors, who are able to seamlessly hijack sessions undetected, by appearing as an employee. In this session we will look at the leaked credential data cluster that Recorded Future built to understand how this affects customers and what actions that can be taken.