Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Stolen credentials on the Dark Web

1 October 2019 Information Security, Security Services & Risk Management

Web security company, ImmuniWeb, has conducted research into the state of stolen credentials available on the Dark Web, which are being exploited by cybercriminals for spear-phishing and password re-use attacks against the highest-grossing global public and private companies - the Fortune 500.

ImmuniWeb used its all-in-one ImmuniWeb Discovery application discovery and inventory service solution to crawl generally accessible places and resources within the TOR network, across various Web forums, Pastebin, IRC channels, social networks, messenger chats and many other locations notorious for offering, selling or distributing stolen or leaked data.

Key findings: passwords

Over 21 million (21 040 296) credentials belonging to Fortune 500 companies, among which over 16 million (16 055 871) were compromised during the last 12 months.

As many as 95% of the credentials contained unencrypted, or brute-forced and cracked by the attackers, plaintext passwords.

Perhaps unsurprisingly, technology was the industry with the largest volume of credentials exposed in breaches of adult-oriented websites and resources, followed by financials and energy.

There were only 4,9 million (4 957 093) fully unique passwords amid the 21 million records, suggesting that many users are using identical or similar passwords.

One of the most common passwords in most of the industries researched was password.

Retail was the industry with the highest number of weak or default passwords.

Approximately 42% of the stolen passwords are somehow related either to the victim’s company name or to the breached resource in question, making password brute-forcing attacks highly efficient.

On average, 11% of the stolen passwords from one breach are identical - pointing to usage of default passwords, proliferation of spam and data scraping bots creating accounts, or a previous password reset setting an identical password to a large set of accounts.

Key findings: domains

The number of squatted domains and phishing websites per organisation is proportional to the total number of exposed credentials. The more illegitimate resources exist, the more credentials can be found for the organisation’s personnel.

The number of subdomains with failing Web security grade (C or F) is proportional to the number of exposed credentials. The more poorly secured a website is, the more credentials can be found for the organisation’s personnel.

Key findings: data

Over half of publicly accessible data is outdated or fake, or just comes from historical breaches in a false pretence to be newly compromised records.

The most popular sources of the exposed breaches were:

1.Third parties (e.g. websites or other resources of unrelated organisations).

2.Trusted third parties (e.g. websites or other resources of partners, suppliers or vendors).

3.The companies themselves (e.g. their own websites or other in-house resources).

Ilia Kolochenko, CEO and founder of ImmuniWeb, commented: “These numbers are both frustrating and alarming. Cybercriminals are smart and pragmatic, they focus on the shortest, cheapest and safest way to get your crown jewels. The great wealth of stolen credentials accessible on the Dark Web is a modern-day Klondike for mushrooming threat actors who don’t even need to invest in expensive zero-day or time-consuming APTs (the Klondike Gold Rush was a migration by an estimated 100 000 prospectors to the Klondike region of the Yukon, in north-western Canada, between 1896 and 1899). With some persistence, they easily break in, being unnoticed by security systems and grab what they want. Worse, many such intrusions can technically not be investigated due to lack of logs or control over the breached [third-party] systems.

In the era of cloud, containers and continuous outsourcing of critical business processes, most organisations have lost visibility and thus control over their digital assets and data. You cannot protect what you don’t see, likewise you cannot safeguard the data if you don’t know where it’s being stored and who can access it. Third-party risks immensely exacerbate the situation by adding even more perilous unknowns into the game.

A well-thought, coherent and holistic cybersecurity and risk management programme should encompass not just your organisation but third parties in a continuous and data-driven manner.

Full research and infographics at: https://www.immuniweb.com/blog/stolen-credentials-dark-web-fortune-500.html




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Global security in 2026
Editor's Choice News & Events Security Services & Risk Management Industrial (Industry) Mining (Industry)
The World Security Report 2026 states: “In a world of increasing volatility, physical security has evolved. It is no longer just a defensive measure; it is a critical driver of corporate value.”

Read more...
Who is to blame for autonomous mistakes?
Editor's Choice Security Services & Risk Management Industrial (Industry) Mining (Industry)
Most supply agreements for AI-integrated equipment still closely resemble plant hire contracts from ten years ago: bilateral, human-focused, and silent on who bears the risk when a machine makes a decision on its own.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
You will not get your files back with VECT
Information Security
If the newbie to the ransomware scene, VECT, comes knocking at your organisation’s door, do not pay the ransom! The decryption keys simply do not exist. They were discarded at the moment of encryption by the malware itself.

Read more...
Industrial sector is a primary cyber target
Information Security
Threats in industrial environments are distributed with striking uniformity: APT-driven incidents constitute 17,8%, malware 14,9% and social engineering 13,9%. This pattern suggests that industrial organisations attract a broad range of adversaries with different capabilities and objectives.

Read more...
Key attributes of an effective cybersecurity leader
BlueVision Information Security
In an evolving technology landscape, an effective cyber leader must combine technical acumen, foresight, and adaptive leadership to mitigate risks, and risks can only be mitigated once accurately identified and remedial processes are in place.

Read more...
Employees are SA’s biggest cyber threat
Security Services & Risk Management Information Security
South Africa experienced a 46% increase in insider cyber risk in 2026, surpassing the global average of 44%. What is more, 63% of South African companies surveyed expect insider-driven data losses to increase.

Read more...
The post-Q1 security checklist
Asset Management Security Services & Risk Management
By this time of year, employees have changed jobs or roles, suppliers may have changed, and devices have moved between offices, homes, and sites. This is the right time for businesses to run a practical post-Q1 security check.

Read more...
PoPIA turns its attention to gated access
News & Events Security Services & Risk Management
The Information Regulator has gazetted its proposed Code of Conduct for the processing of personal information at gated access points. At 65 pages long, the code signals a significant shift in how personal information is collected and managed at entry points.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.