A snapshot of the breach exposure of major enterprises has revealed 23 million pairs of credentials containing Fortune 1000 corporate email addresses and plaintext passwords.
SpyCloud’s database of nearly 100 billion breach assets shows that many employees at Fortune 1000 companies have signed up for a breached third-party site using their corporate email address. Using the email domain in each record, researchers tied the resulting breach records back to the employees’ employers, linking more than 412 million breach assets in total.
According to the research, over 23 million plaintext credentials tied to Fortune 1000 employees are currently available to cybercriminals on the Dark Web. Some 4 million of them also contain plaintext passwords.
“While not every credential pair will match corporate login details, the ones that do match represent substantial risk for these enterprises—and their customers and partners,” SpyCloud researchers said.
A sector-level view quickly shows which industries are most affected by this pattern: Aerospace & Defense, Business Services, Energy, Financials, Healthcare, Technology, Media and Telecommunications, among others.
“In theory, corporate passwords should be strong given the importance of the assets they protect and the robust guidance often provided by corporate security teams. In practice, many employees practice bad password hygiene at work,” researchers said.
Across those exposed credentials, employees reused passwords at a rate of 76.5%. That includes C-level executives’ credentials. Passwords for more than 120,000 C-level Fortune 1000 executives are available on the criminal underground, researchers warned. Executives are a prime target for whaling campaigns and Business Email Compromise.
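The two analysis steps the article describes, tying breach records to an employer by corporate email domain and measuring password reuse across an employee's exposures, as an added example that is not SpyCloud's code or data. The domain map, company names and breach records below are constructed, and the reuse definition (share of employees with two or more exposures whose password repeats across them) is an assumption about how such a rate is computed.

```python
from collections import Counter, defaultdict

# Constructed corporate-domain map (assumption): domain -> (company, sector).
CORP_DOMAINS = {
    "examplecorp.com": ("ExampleCorp", "Technology"),
    "acme-telecom.example": ("Acme Telecom", "Telecommunications"),
}

# Constructed sample breach records: (email, plaintext password, breached site).
SAMPLE_RECORDS = [
    ("alice@examplecorp.com", "Summer2019!", "forum.example"),
    ("alice@examplecorp.com", "Summer2019!", "shop.example"),  # reused across sites
    ("bob@examplecorp.com", "123456", "forum.example"),
    ("bob@examplecorp.com", "correct-horse", "social.example"),  # distinct passwords
    ("carol@acme-telecom.example", "password", "shop.example"),
    ("carol@acme-telecom.example", "password", "forum.example"),
    ("dave@acme-telecom.example", "123456", "social.example"),
    ("eve@gmail.example", "123456", "forum.example"),  # personal address, not tied
]

def tie_to_employer(records, corp_domains=CORP_DOMAINS):
    """Group records by employer using the email domain; drop non-corporate addresses."""
    by_company = defaultdict(list)
    for email, password, site in records:
        domain = email.rsplit("@", 1)[-1].lower()
        if domain in corp_domains:
            by_company[corp_domains[domain][0]].append((email.lower(), password, site))
    return by_company

def reuse_rate(company_records):
    """Percent of employees with 2+ exposures whose password repeats across them."""
    per_user = defaultdict(list)
    for email, password, _site in company_records:
        per_user[email].append(password)
    multi = [pws for pws in per_user.values() if len(pws) >= 2]
    if not multi:
        return 0.0
    reused = sum(1 for pws in multi if len(set(pws)) < len(pws))
    return round(100.0 * reused / len(multi), 1)

def exposure_summary(records=SAMPLE_RECORDS, corp_domains=CORP_DOMAINS):
    """Per-company exposure count, reuse rate and most common exposed password."""
    summary = {}
    for company, recs in tie_to_employer(records, corp_domains).items():
        top_password = Counter(pw for _, pw, _ in recs).most_common(1)[0][0]
        summary[company] = {"exposed": len(recs), "reuse_pct": reuse_rate(recs),
                            "top_password": top_password}
    return summary
```

A defender would feed the same functions a real exposure feed and the organisation's own domain inventory; accounts in the output with a repeated password are the ones to force-reset first.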
Favorite passwords of the Fortune 1000 include, unsurprisingly, 123456, password, and 123456789, as well as “plenty of expletives,” researchers said.
A key finding reveals the Telecommunications sector as the worst offender – its breach exposure far outstripped every other sector examined, with more than 5.5 million exposed credentials.
Researchers reasoned that employee tenure could have something to do with the sector’s high exposure levels.
“Employees who have owned their corporate email accounts for many years would have had plenty of opportunities to use them on third-party sites,” the SpyCloud report says. “Conversely, high levels of churn could also potentially play a part, with many short-term employees racking up a few exposures each before moving on.”
The Technology sector takes second place, and has the highest number of potentially infected employees. Beyond exposed passwords and potentially compromised users, cybercriminals have access to over 200 million pieces of Personally Identifiable Information (PII) tied to Fortune 1000 employees, all of which can be used in targeted attacks.