Millions of stolen corporate logins leaked online

(Image credit: Pixabay)

Login details for millions of corporate accounts have been put up for sale on the dark web, new reports have claimed.

Research from ImmuniWeb found over 21m credentials belonging to Fortune 500 companies available to puchase online, with over 16m of these being compromised during the last 12 months.

Upon examining the credentials, the firm discovered that as many as 95 percent of them contained unencrypted plaintext passwords.

The company used its Open Source Intelligence (OSINT) technology to crawl through generally accessible places and resources on the Tor network, across various web forums, Pastebin, IRC channels, social networks, messenger chats and other locations known for offering, selling or distributing stolen or leaked data.

Stolen credentials

According to ImmuniWeb, the most popular sources of the exposed breaches were third parties, trusted third parties which includes partners, suppliers or vendors and the companies themselves.

The firm did not try to login into any of the accounts it found and instead, ImmuniWeb verified their accuracy and reliability be correlating, cross-checking and juxtaposing the data from different public sources aided by machine learning. Its own machine learning models were also used to find anomalies and spot fake leaks, duplicates or default passwords which were set automatically.

When it came to the industries with the highest number of stolen credentials, technology (5m) took the top spot followed by financials (4.9m) and healthcare (1.9m).

Out of the 21m credentials ImmuniWeb discovered, only 4.9m were fully unique passwords which suggests that many users are using identical or similar passwords. In the technology sector for example, password, 1qaz2wsx, career121, abc123 and passwordI were the top five passwords.

Of the industries examined by ImmuniWeb, the retail sector had the highest percentage of weak passwords at 47 percent followed by telecommunications at 37.57 percent and industrials at 37.36 percent.

CEO and founder of ImmuniWeb, Ilia Kolochenko provided further insight on the report's findings, saying:

“These numbers are both frustrating and alarming. Cybercriminals are smart and pragmatic, they focus on the shortest, cheapest and safest way to get your crown jewels. The great wealth of stolen credentials accessible on the Dark Web is a modern-day Klondike for mushrooming threat actors who don’t even need to invest in expensive 0day or time-consuming APTs. With some persistence, they easily break-in being unnoticed by security systems and grab what they want. Worse, many such intrusions are technically uninvestigable due to lack of logs or control over the breached [third-party] systems.”

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.