Researchers fish out Fortune 500 companies' passwords from Dark Web. Guess the common one!

Researchers have traced more than 21 million credentials linked to Fortune 500 companies that were traded in Dark Web marketplaces

Data breaches have provided fodder for Dark Web marketplaces, where cyber-criminals trade the stolen credentials. Researchers have traced more than 21 million credentials linked to Fortune 500 companies.

"We found over 21 million (21,040,296) credentials belonging to Fortune 500 companies, amid which over 16 million (16,055,871) were compromised during the last 12 months. As many as 95 percent of the credentials contained unencrypted, or bruteforced and cracked by the attackers, plaintext passwords," read a blog post by ImmuniWeb.

Of the industry sectors affected, technology led the pack with 5,071,144 leaked credentials. Most of the data breaches resulted from the elementary fault of weak passwords, the report said. Nearly 20 million passwords were accessed, of which only 4.9 million were unique.

Industry                   Top 5 passwords
Technology                 passw0rd, 1qaz2wsx, career121, abc123, password1
Financials                 456a33, student, old123ma, welcome, 123456
Health Care                Exigent, password, pass1, 000000, 123456
Industrials                12345678, !qaz1qaz, passer, comdy, password
Energy                     password, 123456, snowman, old123ma, 789_234
Telecommunications         cheer!, welcome, password, 66936455, password1
Retail                     111111, soccer1, 123456789, abc123, password
Transportation             pass1, 123456789, cheezy, aaaaaa, 112233
Motor Vehicles & Parts     password, 111111, penispenis, 123456, 3154061
Aerospace & Defence        password1, opensesame, carrier, password, 123456


"Cyber-criminals are smart and pragmatic. They focus on the shortest, cheapest and safest way to get your crown jewels. The great wealth of stolen credentials accessible on the Dark Web is a modern-day Klondike for mushrooming threat actors who don’t even need to invest in expensive 0day or time-consuming APTs," commented Ilia Kolochenko, CEO and founder of ImmuniWeb.

"With some persistence, they easily break in, unnoticed by security systems, and grab what they want. Worse, many such intrusions are technically non-investigable due to lack of logs or control over the breached [third-party] systems," he said.

The lax attitude to password management makes things easier for cyber-criminals. Approximately 42 percent of the stolen passwords were in some way related either to the victim's company name or to the breached resource in question. On average, 11 percent of the stolen passwords from one breach are identical. The most common password? Password!
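The two measures above (the share of passwords related to the company name or the breached resource, and the share that are identical within one breach), together with the uniqueness ratio reported earlier, are straightforward to reproduce against your own exposure data. The following script is an added example, not code from ImmuniWeb or from this article; the dump lines, the domain "examplecorp.com" and the resource "jobs.careerportal.example" are constructed for illustration, and the "related" test (strip case, digits and symbols, then look for a company or resource name token) is one reasonable heuristic, not the report's method.

```python
import re
from collections import Counter

# Constructed sample in the "email:password" layout common to credential dumps.
# These lines are made up for the example; they are not data from the report.
SAMPLE_DUMP = """\
alice@examplecorp.com:password
bob@examplecorp.com:ExampleCorp2019!
carol@examplecorp.com:123456
dave@examplecorp.com:password
erin@examplecorp.com:examplecorp
frank@examplecorp.com:welcome
grace@examplecorp.com:Password1
heidi@examplecorp.com:careerportal1
ivan@examplecorp.com:123456
judy@examplecorp.com:passw0rd
not a credential line
"""


def parse_dump(text):
    """Return (email, password) pairs from 'email:password' lines, skipping malformed ones."""
    creds = []
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        email, password = line.split(":", 1)  # a password may itself contain ':'
        if "@" in email and password:
            creds.append((email.lower(), password))
    return creds


def name_tokens(hostname, min_len=4):
    """Letter-only tokens from a hostname's labels, TLD dropped.

    'jobs.careerportal.example' -> {'jobs', 'careerportal'}
    Short tokens are dropped because two- or three-letter fragments match almost anything.
    """
    tokens = set()
    for label in hostname.lower().split(".")[:-1]:
        for part in re.split(r"[^a-z]+", label):
            if len(part) >= min_len:
                tokens.add(part)
    return tokens


def is_related(password, tokens):
    """True if the password contains a company/resource token once case, digits and symbols are stripped."""
    stripped = re.sub(r"[^a-z]", "", password.lower())
    return any(tok in stripped for tok in tokens)


def audit(text, company_domain, breached_resource=None):
    """Summarise a dump along the lines of the report: uniqueness, company-related share, reuse, top five."""
    creds = parse_dump(text)
    passwords = [pw for _, pw in creds]
    counts = Counter(passwords)
    tokens = name_tokens(company_domain)
    if breached_resource:
        tokens |= name_tokens(breached_resource)
    related = sum(1 for pw in passwords if is_related(pw, tokens))
    # accounts whose password is identical to at least one other account's password
    shared = sum(n for n in counts.values() if n > 1)
    return {
        "total": len(passwords),
        "unique": len(counts),
        "related_to_company": related,
        "shared": shared,
        "top5": counts.most_common(5),
    }


if __name__ == "__main__":
    summary = audit(SAMPLE_DUMP, "examplecorp.com", "jobs.careerportal.example")
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Point it at a real dump by reading the file into `audit()` in place of `SAMPLE_DUMP`; the top-five list is the figure to compare against the table above, and a high "related_to_company" share is the signal that a company-name or product-name blocklist belongs in the password policy.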

"The scariest takeaway from this discovery is that many companies will never know their cloud services have been compromised. It’s only when secret information comes to light in a public domain, or attackers attempt invoice payment redirection that the account compromise becomes obvious," said Stuart Sharp, VP of solution engineering at OneLogin.

Third parties (websites or other resources of unrelated organisations) and associates (websites or other resources of partners, suppliers or vendors) were the most common sources of the breaches that exposed the credentials.

"In the era of cloud, containers and continuous outsourcing of critical business processes, most organisations have lost visibility and thus control over their digital assets and data. You cannot protect what you don’t see, likewise you cannot safeguard the data if you don’t know where it’s being stored and who can access it. Third-party risks immensely exacerbate the situation by adding even more perilous unknowns into the game," said Kolochenko.

"Unless multi-factor authentication is in place, once login credentials are compromised, attackers can access highly sensitive company information. Organisations need to constantly audit cloud services and control access and protect authentication and authorisation using a combination of Privileged Access Management and MFA," observed Sharp.
