The $70 Helpdesk Ticket: How Password Resets Became the Front Door for Hackers

It costs $70 a pop to reset a forgotten password. But what if that mundane helpdesk ticket is actually a gaping security hole? The M&S breach shows us exactly how.

A diagram illustrating a hacker successfully bypassing security by tricking a helpdesk agent into a password reset.

⚡ Key Takeaways

  • The password reset process, costing organizations an average of $70 per reset, is a significant target for attackers.
  • Social engineering attacks on helpdesks can bypass MFA by tricking agents into resetting credentials, as seen in the M&S breach.
  • Strong identity verification methods, such as multi-factor authentication for helpdesk requests and secure temporary credential delivery, are crucial to prevent breaches.

Published by CVE Watch

Originally reported by Bleeping Computer
