See how identity gaps—left unmonitored—led to major security incidents. This timeline breaks down what went wrong

mgmMicrosoft_logoChange Logoat&t-logo_brandlogos.net_57cukicons8-disney-logo-96
MGM Resorts (September 2023)
Learn More
A social engineering attack on the MGM help desk let attackers reset MFA on a privileged Okta account, leading to unauthorized access and eventual ransomware.
Microsoft – Midnight Blizzard (January 2024)
Learn More
A state-sponsored threat group used password-spraying to compromise a non-production test account that lacked MFA, granting access to corporate email and internal data.
Change Healthcare (February 2024)
Learn More
Attackers leveraged stolen credentials on a remote Citrix gateway that lacked MFA enforcement, launching a ransomware attack affecting patient data.
AT&T – Snowflake Identities (April 2024)
Learn More
Stolen Snowflake login credentials without enforced MFA let attackers exfiltrate massive volumes of call record data, exposing sensitive information.
Slack at Disney (July 2024)
Learn More
A malware-infected personal device captured an employee’s Slack token, letting attackers impersonate them and steal over 1 TB of internal data.

// Use Cases//

WideField helps IAM and SOC teams monitor, detect, remediate, and prevent identity attacks

// IAM//

WideField helps IAM teams secure identities across posture, authentication, and use. Here's how

Discover Local and Privileged Human and Non-Human Identities

WideField uncovers risky non-federated accounts missed by traditional IAM tools.

Secure Account and Credential Lifecycle

WideField surfaces orphaned accounts and stale credentials missed by your IDP.

Run Posture Scans and Monitor for Identity in Motion (Policy Escapes)

WideField spots policy drift and MFA gaps missed by static IAM controls.

Monitor Non-Human Access and Geo-Fence Service Accounts

WideField detects service account misuse, sharing, and geo anomalies.

// SOC//

WideField equips SOC with the context, control, and automation to investigate, respond, and contain identity threats in real time

Investigate a Finding and Perform Ad-Hoc Remediation

WideField reveals identity abuse with rich context and real-time response tools.

Policy-Based Automatic Remediation

WideField automates identity threat response based on risk and policy context.

Investigate Any Identity — From Posture to Activity

WideField gives SOC teams a full identity view to accelerate investigations.

// CISO//

CISOs need clear, actionable insight into identity risk across the enterprise. WideField delivers executive-level visibility, daily posture reporting, and metrics that map directly to organizational priorities

Understand Organizational Identity Risk

CISOs need a daily identity risk report with insights to guide security efforts.

Copyright © WideField Security 2026
widefieal Logo