Not till long ago, getting user credentials by an attacker was equivalent to getting access to all their data, so cred-theft was a thing. Now with MFA and SSO, an admin should sleep better at night… But an attacker needs access more than she needs the creds themselves, and now,