“the company was likely breached through a leaked password to an old account that had access to the virtual private network (VPN) used to remotely access the company’s servers. The account reportedly didn’t have multifactor authentication, so the hackers only needed to know the username and the password to gain access to the largest petroleum pipeline in the country.”
https://www.vox.com/recode/22428774/ransomeware-pipeline-colonial-darkside-gas-prices