Fortune 500 companies' login data up for grabs on the Dark Web: 21 million records, some in plain text
Switzerland-based security company ImmuniWeb published a report that examines the constantly rising number of data breaches and their impact on various industries. The firm found over 21 million credentials belonging to Fortune 500 companies, 16 million of which were exposed during the past year.
According to the researchers, the statistics were gathered from publicly available sources:
We leveraged our OSINT (Open Source Intelligence) technology built into ImmuniWeb® Discovery to crawl generally accessible places and resources within the TOR network, across various web forums, Pastebin, IRC channels, social networks, messenger chats and many other locations notorious for offering, selling or distributing stolen or leaked data.
Of course, the security firm did not try to log in with any of the credentials it found. ImmuniWeb cross-checked the accuracy and reliability of the compiled data by using machine learning to detect anomalies and fake leaks.
Cybersecurity disaster: Fortune 500 company representatives still rely on passwords like “123456” or “pass1”
The total number of credentials found that came from Fortune 500 companies was 21,040,296. While the amount of harvested credentials is enormous, the most alarming aspect is that 95% of the records collected by the researchers were unencrypted, or protected so poorly by weak algorithms that attackers had already cracked them.
Another alarming statistic concerns the unique password count: out of the 21 million compromised credentials, researchers found only 4.9 million (4,957,093) unique passwords. Unfortunately, even representatives of high-profile organizations still consider “password1” or “123456” an acceptable safeguard for their accounts. Other most commonly used passwords include:
- abc123, etc.
The most affected industries were Technology, Finance, and Healthcare, while the fewest credentials were exposed from Aerospace & Defense, Motor Vehicles & Parts, and Transportation members. The retail sector used the least secure passwords: 47.29% of its passwords were considered weak, because they were shorter than eight characters and the words were easily brute-forced. ImmuniWeb described these numbers as “astonishing and alarming,” as 11% of the passwords were identical, owing to the use of default passwords or bot-created accounts.
The firm rated companies based on their security levels, A being the best and F representing the most weakly protected firms. According to the researchers, a low web security grade was directly proportional to the number of exposed credentials.
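The weakness criteria the article cites (shorter than eight characters, on a common-password list, identical across accounts because of defaults or bots) are easy to turn into an audit an organization can run against its own breach-exposure findings. The following is an added example, not code from the ImmuniWeb report or its Discovery product; the password sample is constructed for illustration and the block list is an assumed, deliberately tiny stand-in for a real breached-password set.

```python
from collections import Counter

# Constructed sample (not data from the ImmuniWeb report): one leaked
# password per credential record, duplicates kept on purpose.
SAMPLE_PASSWORDS = [
    "123456", "123456", "123456",        # default password reused across accounts
    "password1",                         # common, but 9 characters long
    "pass1",                             # shorter than 8 characters
    "abc123",                            # short and common
    "Tr0ub4dor&3",
    "correct horse battery staple",
    "S3cure!Pass2019",
    "winter2019",                        # long enough and not on the list
]

# Assumed block list; a real deployment would load a large breached-password set.
COMMON_PASSWORDS = {"123456", "password", "password1", "pass1", "abc123", "qwerty"}

MIN_LENGTH = 8  # the length threshold the article uses for "weak"


def weakness_reasons(password):
    """Return the list of policy violations for one password (empty if none)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than 8 characters")
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("on the common-password list")
    if password.isdigit():
        reasons.append("digits only")
    return reasons


def audit(passwords):
    """Summarize a list of leaked passwords the way the report's statistics do:
    total and unique counts, share of weak passwords, and share of records
    whose password is shared with at least one other record."""
    total = len(passwords)
    if total == 0:
        return {"total": 0, "unique": 0, "weak_pct": 0.0,
                "identical_pct": 0.0, "reasons": {}}
    counts = Counter(passwords)
    weak = sum(1 for pw in passwords if weakness_reasons(pw))
    identical = sum(1 for pw in passwords if counts[pw] > 1)
    reason_counts = Counter(r for pw in passwords for r in weakness_reasons(pw))
    return {
        "total": total,
        "unique": len(counts),
        "weak_pct": round(100 * weak / total, 2),
        "identical_pct": round(100 * identical / total, 2),
        "reasons": dict(reason_counts),
    }


if __name__ == "__main__":
    summary = audit(SAMPLE_PASSWORDS)
    print(f"records: {summary['total']}, unique passwords: {summary['unique']}")
    print(f"weak: {summary['weak_pct']}%  identical: {summary['identical_pct']}%")
    for reason, n in sorted(summary["reasons"].items()):
        print(f"  {n:>3}  {reason}")
```

The "identical" figure counts every record whose password occurs more than once, which is how a default password pushed to many accounts shows up; the per-reason breakdown tells a security team whether to prioritize a length rule, a breached-password block list, or hunting for default and bot-created accounts.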
Industries have a lot to learn when it comes to cybersecurity and safe credential practices
ImmuniWeb said that 4 billion credentials were compromised in Q1 2019 in 4,000 breaches, a growth of 50% compared to the same period last year. Additionally, the “Have I Been Pwned” website, run by Microsoft security researcher Troy Hunt, currently stores over 8 billion records gathered from breaches such as Collection #1, available for anyone to check whether their credentials were compromised in a given data breach.
While ImmuniWeb claimed that “over half of the publicly accessible data is outdated or fake, or just comes from historical breaches in a false pretense to be newly compromised records,” the real entries can be used for future spear-phishing, social engineering, and password re-use attacks.
The security firm advised organizations to enforce organization-wide password security policies, including the implementation of two-factor authentication, and to use outside sources such as third-party risk assessment services. ImmuniWeb also said that investing in cybersecurity awareness among employees is as important as building the security infrastructure.
The CEO and founder of ImmuniWeb concluded with the following:
A well-thought, coherent and holistic cybersecurity and risk management program should encompass not just your organization but third parties in a continuous and data-driven manner.