Millions of stolen corporate logins are available to buy online

Millions of stolen corporate credentials are available for sale on the dark web which is why ImmuniWeb decided to analyze both the quality and quantity of these stolen credentials to compile its new State of Stolen Credentials in the Dark Web from Fortune 500 Companies report.

The firm leveraged its Open Source Intelligence (OSINT) technology to crawl through generally accessible places and resources on the Tor network, across various web forums, Pastebin, IRC channels, social networks, messenger chats and other locations known for offering, selling or distributing stolen or leaked data.

In total, ImmuniWeb found over 21m credentials that belonged to Fortune 500 companies and surprisingly over 16m of these logins were compromised during the last 12 months.

Upon examining the credentials, the firm discovered that as many as 95 percent of them contained unencrypted plaintext passwords.

Stolen credentials

According to ImmuniWeb, the most popular sources of the exposed breaches were third parties, trusted third parties which includes partners, suppliers or vendors and the companies themselves.

The firm did not try to login into any of the accounts it found and instead, ImmuniWeb verified their accuracy and reliability be correlating, cross-checking and juxtaposing the data from different public sources aided by machine learning. Its own machine learning models were also used to find anomalies and spot fake leaks, duplicates or default passwords which were set automatically.

When it came to the industries with the highest number of stolen credentials, technology (5m) took the top spot followed by financials (4.9m) and healthcare (1.9m).

Out of the 21m credentials ImmuniWeb discovered, only 4.9m were fully unique passwords which suggests that many users are using identical or similar passwords. In the technology sector for example, password, 1qaz2wsx, career121, abc123 and passwordI were the top five passwords.

Of the industries examined by ImmuniWeb, the retail sector had the highest percentage of weak passwords at 47 percent followed by telecommunications at 37.57 percent and industrials at 37.36 percent.

CEO and founder of ImmuniWeb, Ilia Kolochenko provided further insight on the report's findings, saying:

“These numbers are both frustrating and alarming. Cybercriminals are smart and pragmatic, they focus on the shortest, cheapest and safest way to get your crown jewels. The great wealth of stolen credentials accessible on the Dark Web is a modern-day Klondike for mushrooming threat actors who don’t even need to invest in expensive 0day or time-consuming APTs. With some persistence, they easily break-in being unnoticed by security systems and grab what they want. Worse, many such intrusions are technically uninvestigable due to lack of logs or control over the breached [third-party] systems.”

No comments yet.

Leave a Reply

in development