Online credentials creating a gold mine for cyber attackers
For companies that have been the victims of breaches, there are clear reputational, brand, and financial implications.
In Digital Shadows' recent report, "Compromised Credentials, Learn From the Exposure of the World's 1,000 Biggest Companies", the organisation analysed some of the world's largest companies and found that 97% had suffered some sort of leak.
According to the cyber security firm, a ton of stolen credentials are regularly sold, traded and shared online across paste sites and online marketplaces.
For example, Digital Shadows found that actors using the names "Peace of Mind" and "Tessa88" recently put themselves into the media limelight following the public release of the LinkedIn and MySpace databases.
The types of credentials also impacts how the threat actors use them. Whether it is for account takeover, extortion/ransomware, or credential stuffing.
Digital Shadows has also seen "thedarkoverlord" offering multiple healthcare databases on the Real Deal marketplace and, more recently, the claimed Dropbox leak.
Basically, the number of compromised credentials that are available online is staggering, which the company says is providing a gold mine for attackers.
The report shows that the top breaches were social media platforms. Digital Shadows found that, LinkedIn, MySpace and Tumblr breaches were responsible for 30%, 21% and 8% of the total credentials.
So while the number of credentials leaked online for the world's 1,000 biggest organisations is staggering it is important to remember that this is not the whole picture.
It is Digital Shadows understanding that organisations are likely more exposed by third parties and suppliers. Credential compromise affects organisations of all sizes.