Employees using enterprise credentials to register accounts on other sites put their companies at risk

Sep 25, 2016 21:05 GMT  ·  By

An analysis of the Forbes Top 1000 companies reveals that 97 percent of all organizations have been affected by recent data breaches at large Internet services.

Researchers from Digital Shadows said they'd found 5,550,485 credentials associated with enterprise email addresses or users related in some other form with these Forbes Top 1000 companies.

These credentials were leaked in data breaches at other services, where these employees had registered accounts with their corporate credentials.

Password reuse is a clear danger for their native organizations, who now must scan the Dark Web for recent breaches and make sure none of their employees had carelessly exposed their network.

But even if companies managed to change overlapping and shared passwords, they remain at risk, most notably from spear-phishing.

Crooks now have lists of addresses of certified employees working for certain companies. They can use these emails to deliver spam, knowing they'll have a good chance of infecting a corporate computer with malware, and escalate their access to other network sections from there.

The most significant sources for these credentials is the LinkedIn breach, where Digital Shadows found 1,636,909 enterprise-related user credentials.

Other sources include the Adobe breach from a few years back with 1,372,229 credentials, the MySpace breach with 1,169,465 credentials, and surprisingly two breaches from dating sites iMesh, with 265,466 credentials, and Ashley Madison, with 216,854 credentials.

Most impacted industry vertical is the technology sector, with 2.5 million leaked corporate-tied credentials, followed by the entertainment field, financial services, and oil, gas, and utilities.

Most significat breaches for Top 1000 companies
Most significat breaches for Top 1000 companies

Photo Gallery (2 Images)

Geographical spread of most exposed companies
Most significat breaches for Top 1000 companies
Open gallery