Outpost24 has published its 2022 FTSE 100 Credential Theft Study outlining the number of breached credentials from the UK’s most profitable companies that end up on the dark web.
The Financial Times Stock Exchange (FTSE) 100 Index is made up of the 100 biggest companies by market capitalisation on the London Stock Exchange. These companies represent some of the most influential and profitable enterprises on the market across various industry verticals.
It was found that the majority (81%) of the companies within the FTSE 100 had at least one credential compromised and exposed on the dark web.
Using its threat monitoring and auditing tool Blueliv, Outpost24 found up to 31,135 exposed user credentials belonging to FTSE 100 companies on the open, deep and dark web. In fact, 75% of these credentials were stolen through data breaches and 25% were unknowingly obtained via a malware infection.
Of this number, over 60% of the stolen user logins and passwords came from three of the most highly regulated industries – IT/Telecom (23%), Energy and Utility (22%) and Finance (21%) – among the world’s biggest companies.
Ransomware groups from Conti to REvil are known to use stolen credentials to gain initial access, and the Colonial Pipeline takedown was a prime example of the danger of even a single compromised password.
Compromised credentials offer threat actors the fastest path into a company’s network and are a common issue that can go undetected if left unmonitored.
Further highlights of the study:
- The majority (81%) of the companies within the FTSE 100 had at least one credential compromised and exposed on the dark web
- Nearly half (42%) of FTSE 100 companies have more than 500 unique, compromised user logins exposed on the dark web, putting them at risk of credential-based attacks
- Up to 20% of the stolen credentials for FTSE 100 companies were stolen via malware infection and stealers
- 11% of the breached credentials were disclosed in the last three months (21% in the last 6 months, and over 68% have been exposed for over 12 months)
- Industry breakdown
  - IT/Telecom is the most at risk. The sector has the highest total (7303) and the highest average number of stolen credentials per company (730). It is also the most affected by malware infection
  - On average, healthcare has the highest number of stolen credentials per company (485) from data breaches, as healthcare organisations have found themselves increasingly in the cybercriminals’ crosshairs since the pandemic.
Corporate credential theft is usually a targeted effort and makes FTSE 100 companies especially vulnerable because many see them as “big game hunting”. “Once an unauthorised third party or initial access broker gets hold of user logins and passwords, they can sell the credentials on the dark web to an aspiring hacker, or use them to compromise an organization’s network by bypassing security measures and moving laterally within to steal critical data and cause disruption,” says Victor Acin, Labs Manager at Blueliv, an Outpost24 company.
“Stolen credentials are dangerous because there is very little that can be done to identify and detect once an intruder is inside your system. Therefore, it’s important to proactively monitor stolen credentials and alert security to reset passwords upon discovery to reduce risk.”
The full Outpost24 2022 FTSE 100 Stolen and Leaked Credentials report can be accessed here.