Over 31,000 stolen and leaked credentials from the FTSE 100 on the Dark Web

Stolen user logins and passwords pertaining to the world’s largest companies are exposed and traded by cybercriminals on the open, deep and dark web

London, May 10, 2022 – Outpost24, an innovator in identifying and managing cybersecurity exposure, today announced the results of its 2022 FTSE 100 Credential Theft Study outlining the number of breached credentials from the UK’s most profitable companies online – ready to be exploited by threat actors.

The Financial Times Stock Exchange (FTSE) 100 Index is made up of the 100 biggest companies by market capitalisation on the London Stock Exchange. These companies represent some of the most influential and profitable enterprises on the market across various industry verticals. Within the FTSE 100 list, Outpost24 isolated the companies into eight key industries: Finance, IT/Telecom, Energy and Utilities, Healthcare, Transport, Retail, Construction, and Hospitality.

Using our threat monitoring and auditing tool Blueliv, we found up to 31,135 exposed user credentials belonging to FTSE 100 companies on the open, deep and dark web. In fact, 75% of these credentials were stolen through data breaches and 25% were unknowingly obtained via malware infection/stealer. Of this number, over 60% of the stolen user logins and passwords came from three of the highest regulated industries – IT/Telecom (23%), Energy and Utility (22%) and Finance (21%) amongst the world’s biggest companies.

Ransomware groups from Conti to REvil are known to use stolen credentials to gain initial access, and the Colonial Pipeline takedown was a prime example of the danger of even a single compromised password. Compromised credentials offer threat actors the fastest path into a company’s network and are a common issue that can go undetected if left unmonitored.

Further highlights from the study:

  • The majority (81%) of the companies within the FTSE 100 had at least one credential compromised and exposed on the dark web
  • Nearly half (42%) of FTSE 100 companies have more than 500 unique, compromised user logins exposed on the dark web, putting them at risk of credential-based attacks
  • Up to 20% of the stolen credentials for FTSE 100 companies were stolen via malware infection and stealers
  • 11% of the breached credentials were disclosed in the last three months (21% in the last 6 months and over 68% have been exposed for over 12 months)
  • Industry breakdown
    • IT/Telecom is the most at risk. The sector has the highest total number of stolen credentials (7303) and the highest average number of stolen credentials per company (730). It is also the sector most affected by malware infection.
    • On average, healthcare has the highest number of stolen credentials per company (485) from data breaches, as healthcare companies have found themselves increasingly in the cybercriminals’ crosshairs since the pandemic.

Corporate credential theft is usually a targeted effort, and FTSE 100 companies are especially vulnerable because many see them as “big game hunting”. “Once an unauthorised third party or initial access broker gets hold of user logins and passwords, they can sell the credentials on the dark web to an aspiring hacker, or use them to compromise an organization’s network by bypassing security measures and moving laterally within to steal critical data and cause disruption,” said Victor Acin, Labs Manager at Blueliv, an Outpost24 company.

“Stolen credentials are dangerous because there is very little that can be done to identify and detect once an intruder is inside your system. Therefore, it’s important to proactively monitor stolen credentials and alert security to reset passwords upon discovery to reduce risk.”

About Outpost24

The Outpost24 group helps organizations limit their digital exposure with a complete range of cyber risk management solutions. Outpost24’s cloud platform unifies asset inventory, automates security assessments, and quantifies risk in business context. Executives and security teams around the world trust Outpost24 to prioritize the most important security issues across their entire IT infrastructure for accelerated risk reduction. Founded in 2001, Outpost24 is headquartered in Sweden, with additional offices in the US, the UK, the Netherlands, Belgium, Denmark, France, and Spain.