Cybersecurity firm CybSafe has uncovered more than half a million stolen employee credentials belonging to FTSE 100 companies on criminal websites. The research identified a total of 532,437 unique sets of credentials, including email addresses, usernames, and passwords, available on publicly accessible dark web marketplaces and criminal forums.
The data exposure did not originate from direct breaches of the FTSE 100 corporations. Instead, the credentials were leaked through breaches at third-party sites where employees had used their corporate email addresses to register for services. Password reuse across different platforms is a central element of the findings. The exposed passwords were found in both plaintext and hashed formats.
Scope of the Credential Exposure
The investigation highlights the significant scale of data available to malicious actors. According to the report, the number of publicly available credentials is just “the tip of the iceberg,” with many more believed to be traded privately. The presence of this data on criminal sites creates a direct risk of account takeover, phishing attacks, and other cyber threats aimed at these leading corporations.
Most Affected Companies Identified
The CybSafe report detailed the companies with the highest number of exposed employee credentials. The top five most affected organizations were:
Vodafone: 103,153 credentials
Ernst & Young (EY): 56,193 credentials
BT Group: 43,598 credentials
KPMG: 31,313 credentials
Bupa: 23,283 credentials
Oz Alashe, CEO of CybSafe, commented on the findings, emphasizing that people are the “first and last line of defense” in cybersecurity. The report underscores the security challenges posed when employees reuse work credentials for personal accounts, inadvertently exposing their organizations to third-party data breaches.
Source: https://www.infosecurity-magazine.com/news/half-million-stolen-ftse-100/