The top 5 passwords used by the Technology industry among Fortune 500 Companies were “passw0rd,” and “abc123.”
The dark web is one of those places that many either underestimate or wildly exaggerate, but when it comes to hackers and cybercriminals, dark web marketplaces are a safe haven.
Recently, ImmuniWeb, an IT security company that uses OSINT (Open Source Intelligence) technology to crawl the regular and dark web for leaked or stolen data, discovered a trove of data containing login credentials belonging to Fortune 500 Companies.
In total, the company discovered more than 21 million (21,040,296) login credentials, of which over 16 million (16,055,871) were compromised during the last 12 months. The worst part is that 95% of these credentials contained unencrypted data, including passwords in plaintext format.
In its blog post, ImmuniWeb also revealed sources where these credentials were stolen from:
The most popular sources of the exposed breaches were:
- Third parties (e.g. websites or other resources of unrelated organizations)
- Trusted third parties (e.g. websites or other resources of partners, suppliers or vendors)
- The companies themselves (e.g. their own websites or other in-house resources)
According to the list shared by ImmuniWeb, the technology, financial and healthcare sectors were among the most targeted. Here is the full list:
Screenshot credit: ImmuniWeb
When it comes to passwords, the company found 4.9 million (4,957,093) of them. The worst part is that many users in the “Technology” industry were found using the same or similar passwords on different accounts. Here are the most popular passwords per industry:
According to Ilia Kolochenko, CEO and Founder of ImmuniWeb,
“These numbers are both frustrating and alarming. Cybercriminals are smart and pragmatic, they focus on the shortest, cheapest and safest way to get your crown jewels.
The great wealth of stolen credentials accessible on the Dark Web is a modern-day Klondike for mushrooming threat actors who don’t even need to invest in expensive 0day or time-consuming APTs.
With some persistence, they easily break in unnoticed by security systems and grab what they want.
Worse, many such intrusions are technically uninvestigable due to a lack of logs or control over the breached [third-party] systems.”
This, however, is not the first time Fortune 500 Companies have made headlines for all the wrong reasons. Last year, the cyberinfrastructure of 3 of 5 Fortune 500 companies was found vulnerable due to ManageEngine flaws allowing attackers to gain administrator-level control of the system.
Moreover, Quest Diagnostics, a Fortune 500 company that mainly provides diagnostic services, suffered a data breach in which the personal information of nearly 11.9 million customers was exposed after its web payment page was accessed by an unauthorized individual.
However, companies in other industries are not far behind. Most industries in the top ten with the weakest passwords in ImmuniWeb’s report have a third or more of their logins crackable in seconds.
The researchers note that about 11% of the passwords from a data breach are identical. This could be explained by the use of default passwords or by bots creating accounts.
A reset procedure that defined the same password for a large number of accounts is another possibility, ImmuniWeb says.
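The statistics described above (most popular passwords per industry, the share of identical passwords that hints at defaults, bot-created accounts or a bulk reset, the same or similar password reused across a user's accounts, and logins crackable in seconds) are the kind of triage a security team runs over its own exposed credentials once a dump is found. The script below is an added example, not ImmuniWeb's tooling; the records, the industry labels and the small `COMMON_PASSWORDS` wordlist are constructed sample data, and "crackable in seconds" is a simple heuristic (presence in a breached-password list, or a short single-character-class string), not the report's method.

```python
"""Summarise an exposed-credential dump for defensive triage.

Added example with constructed data; it is not ImmuniWeb's code and the
heuristics are assumptions, not the report's methodology.
"""
from collections import Counter, defaultdict
from difflib import SequenceMatcher

# Constructed sample records: (industry, breached source, account, plaintext password).
# These are made-up values, not real leaked credentials.
SAMPLE_RECORDS = [
    ("technology", "forum-a.example", "alice@example.com", "passw0rd"),
    ("technology", "shop-b.example", "alice@example.com", "passw0rd1"),
    ("technology", "forum-a.example", "bob@example.com", "abc123"),
    ("technology", "partner-c.example", "carol@example.com", "passw0rd"),
    ("finance", "shop-b.example", "dave@example.com", "Summer2019!"),
    ("finance", "forum-a.example", "erin@example.com", "password"),
    ("finance", "partner-c.example", "frank@example.com", "password"),
    ("healthcare", "shop-b.example", "grace@example.com", "welcome1"),
    ("healthcare", "forum-a.example", "heidi@example.com", "Tr0ub4dor&3-long-passphrase"),
    ("healthcare", "partner-c.example", "ivan@example.com", "welcome1"),
]

# Tiny stand-in for a breached-password wordlist (in practice, an offline
# list such as a Have I Been Pwned export). Constructed for the example.
COMMON_PASSWORDS = {"passw0rd", "password", "abc123", "welcome1", "123456", "qwerty"}


def top_passwords_by_industry(records, n=3):
    """Most frequent plaintext passwords per industry, as in the report's table."""
    per_industry = defaultdict(Counter)
    for industry, _source, _account, password in records:
        per_industry[industry][password] += 1
    return {ind: counter.most_common(n) for ind, counter in per_industry.items()}


def identical_password_share(records):
    """Fraction of records whose password also appears in at least one other record.

    A high share points at default passwords, bot-created accounts or a reset
    procedure that assigned one password to many accounts.
    """
    counts = Counter(password for _, _, _, password in records)
    shared = sum(c for c in counts.values() if c > 1)
    return shared / len(records) if records else 0.0


def reused_or_similar(records, threshold=0.8):
    """Accounts seen at different sources with the same or a near-identical password.

    Similarity uses difflib's ratio, so 'passw0rd' and 'passw0rd1' are caught
    as the kind of trivial variation the report describes.
    """
    by_account = defaultdict(list)
    for _industry, source, account, password in records:
        by_account[account].append((source, password))
    flagged = {}
    for account, entries in by_account.items():
        for i in range(len(entries)):
            for j in range(i + 1, len(entries)):
                (src_a, pw_a), (src_b, pw_b) = entries[i], entries[j]
                if src_a != src_b and SequenceMatcher(None, pw_a, pw_b).ratio() >= threshold:
                    flagged[account] = (pw_a, pw_b)
    return flagged


def weak_in_seconds(password, wordlist=COMMON_PASSWORDS):
    """Heuristic for 'crackable in seconds' (an assumption, not the report's criterion).

    True if the password is in the breached-password list, or is shorter than
    8 characters and uses a single character class.
    """
    if password.lower() in wordlist:
        return True
    classes = sum(1 for f in (str.islower, str.isupper, str.isdigit) if any(f(c) for c in password))
    has_symbol = any(not c.isalnum() for c in password)
    return len(password) < 8 and (classes + int(has_symbol)) <= 1


def weak_share_by_industry(records):
    """Fraction of each industry's logins that the heuristic marks as crackable in seconds."""
    by_industry = defaultdict(list)
    for industry, _source, _account, password in records:
        by_industry[industry].append(weak_in_seconds(password))
    return {ind: sum(flags) / len(flags) for ind, flags in by_industry.items()}


if __name__ == "__main__":
    print("Top passwords per industry:", top_passwords_by_industry(SAMPLE_RECORDS, 1))
    print("Identical-password share:", identical_password_share(SAMPLE_RECORDS))
    print("Reused/similar across accounts:", reused_or_similar(SAMPLE_RECORDS))
    print("Weak share per industry:", weak_share_by_industry(SAMPLE_RECORDS))
```

On the constructed records the script reports `passw0rd` as the top technology password, a 60% identical-password share, one user reusing a trivial variation across two breached sources, and three quarters of technology logins marked weak. The same functions run unchanged over a real export once it is parsed into the same tuple shape, which is the point: the numbers ImmuniWeb reports are cheap to reproduce for your own domain, and the reuse check in particular is what justifies forcing a reset rather than trusting that a leaked password was only used at the breached site.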
Additionally, there may be a connection between the number of subdomains with a poor web security grade (C or F) and the number of exposed credentials, as the two appear to be proportional.
Ilia Kolochenko, CEO and Founder of ImmuniWeb says that cybercriminals focus on the shortest, least resistant path to get what they want. Given the login data in the report, they have no trouble getting their prize.