21 Million Logins For Top 500 Firms Offered On The Dark Web

According to a recent report by ImmuniWeb, more than 21 million login credentials stolen from Fortune 500 companies have been found in various places on the dark web, many of them already cracked and available in plaintext form.

Most of them were from tech companies, closely followed by organisations in the financial industry. Entities in the healthcare, energy, telecommunications, retail, industrial, transport, aerospace and defence sectors are also on the list.

The researchers reveal a worrying statistic: “95% of the credentials contained unencrypted, or brute-forced and cracked by the attackers, plaintext passwords.”

Despite finding as many as 21 million login records, the report notes that only 4.9 million of them were unique, “suggesting that many users are using identical or similar passwords.”


EXPERTS COMMENTS
Craig Young, , Principal Security Researcher ,  Tripwire
October 31, 2019
This is an interesting glimpse into the inner-workings of underground criminal hacking markets.
This is an interesting glimpse into the inner-workings of underground criminal hacking markets. It illustrates just how easy it can be for an adversary to obtain a foothold into a target organization. Some criminal hackers are very good at spear-fishing or breaching random websites, but may have little ability to directly monetize the information. (Some may be capable but prefer to minimize their ....
[Read More >>]
Stuart Sharp, VP of Solution Engineering,  OneLogin
October 31, 2019
Unless MFA is in place, once login credentials are compromised.
The scariest takeaway from this discovery is that many companies will never know their cloud services have been compromised. It’s only when secret information comes to light in a public domain, or attackers attempt invoice payment redirection that the account compromise becomes obvious. Unless MFA is in place, once login credentials are compromised, attackers can access highly sensitive company ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article