February 2, 2018 at
The internet that you see isn’t the entire thing, not by a long way. It’s like an iceberg, with a bigger and darker part of the web concealed from the general user base and accessible only through select channels. This dark web is home to a number of dangerous, questionable, and illegal websites and services. It is quite common to find stolen credit card and bank account details on the dark web. However, a recent study has revealed that one particular trove on the dark web contains more than 2.7 million leaked email credentials belonging to Fortune 500 companies.
VeriClouds revealed in a recent report that it discovered 1 out of every 10 Fortune 500 staffer had their email credentials on the dark web. The leaked credentials belong to all the different kinds of businesses in the Fortune 500 group, but the majority of these credentials (20%) belong to the financial sector.
The fact that these credentials have made their way on the dark web isn’t surprising. VeriClouds explained how it is common for leaked data and credentials to pop up on more than one sources on the internet. VeriClouds also stated that the amount of leaked data can always increase when a few data breach attack orchestrators get together to pool their individual haul as well as by combining it with past data. All this is made available to anyone willing to pay the price for the accounts. Some just want to use fake accounts to achieve their malicious purposes, while others deliberately look for accounts from a particular firm so as to gain access to the network.
According to the report, computer and office equipment industry is the weakest of the lot. But in spite of that, it is the commercial bank industry that tops the list of number of compromised passwords with a figure of 109,000. The telecommunications and computer and office equipment industries are close behind the commercial bank industry with 100,000 and 70,000 compromised passwords respectively.
Other data in the VeriClouds report pertains to the statistics of data breach attacks in the aforementioned industries as well as statistics on how much of this data makes its way on the dark web. The worrying sign is that despite data breach attacks becoming more frequent almost by the day, the telecommunications, media, and wholesaler industries saw a rise of 22.4%, 5%, and 2.3% in the number of leaked credentials in 2017 respectively. This is a worrying sign. You would think that after all the major data breach attacks in recent years, everyone would have wised up.
The only consolation in all this – if it can be called a consolation – is that the number of leaked credentials on the dark web has gone down as compared to before. Experts give different reasons for this decrease of 7.5% like some of the major players in the dark web leaked credentials business disappearing. Companies and organizations are urging their employees not to use corporate accounts to sing up for third-party services, which could also be a factor for this reduction.