Kandek said the compromise seemed to involve credential theft. If that's the case, then having two-factor authentication in place might have prevented the hackers from accessing the accounts on computers not recognized by the sites.
Security breaches are inevitable for most organizations, so the strongest defense is to follow best practices and security standards relevant to the business, Larry Slobodzian, senior solutions engineer for LockPath, said.
In addition, a data audit should be done, so security measures can be reinforced around the most sensitive information, and an up-to-date plan should be in place that describes how to respond when a system is hacked.
"It's a proactive approach before the breach happens," Slobodzian said.
Sign up for CIO Asia eNewsletters.