Despite all the money organizations spend on cybersecurity, some continue to shoot themselves by ignoring basic cybersecurity practices. The latest example is last week’s compromise of cellular carrier Orange Spain. A threat actor infiltrated an administrator's computer and stole their login credentials to a regional IP network coordination center called RIPE. The administrator's password was 'ripeadmin', which could have been guessed. The IP network account was not protected with multifactor authentication, allowing malware to be planted on the user's machine. The stolen administrator credential has been available for sale on a criminal marketplace since August. It is unclear how the admin's computer was compromised, but it is likely they fell for a phishing or social media scam. Orange Spain customers lost connectivity for several hours.