Millions of stolen corporate logins leaked online

Login details for millions of corporate accounts have been put up for sale on the dark web, new reports have claimed.

Research from ImmuniWeb found over 21m credentials belonging to Fortune 500 companies available to purchase online, with over 16m of these having been compromised during the last 12 months.

Upon examining the credentials, the firm discovered that as many as 95 percent of them contained unencrypted plaintext passwords.

The company used its Open Source Intelligence (OSINT) technology to crawl through generally accessible places and resources on the Tor network, across various web forums, Pastebin, IRC channels, social networks, messenger chats and other locations known for offering, selling or distributing stolen or leaked data.

Stolen credentials

According to ImmuniWeb, the most popular sources of the exposed breaches were third parties, trusted third parties (which include partners, suppliers or vendors) and the companies themselves.

The firm did not try to log in to any of the accounts it found. Instead, ImmuniWeb verified their accuracy and reliability by correlating, cross-checking and juxtaposing the data from different public sources, aided by machine learning. Its own machine learning models were also used to find anomalies and spot fake leaks, duplicates or default passwords which were set automatically.

When it came to the industries with the highest number of stolen credentials, technology (5m) took the top spot, followed by financials (4.9m) and healthcare (1.9m).

Out of the 21m credentials ImmuniWeb discovered, only 4.9m were fully unique passwords, which suggests that many users are using identical or similar passwords. In the technology sector, for example, password, 1qaz2wsx, career121, abc123 and passwordI were the top five passwords.

Of the industries examined by ImmuniWeb, the retail sector had the highest percentage of weak passwords at 47 percent, followed by telecommunications at 37.57 percent and industrials at 37.36 percent.

CEO and founder of ImmuniWeb, Ilia Kolochenko provided further insight on the report's findings, saying:

“These numbers are both frustrating and alarming. Cybercriminals are smart and pragmatic, they focus on the shortest, cheapest and safest way to get your crown jewels. The great wealth of stolen credentials accessible on the Dark Web is a modern-day Klondike for mushrooming threat actors who don’t even need to invest in expensive 0day or time-consuming APTs. With some persistence, they easily break-in being unnoticed by security systems and grab what they want. Worse, many such intrusions are technically uninvestigable due to lack of logs or control over the breached [third-party] systems.”

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
