Credentials for over 5.5 million employees of the world’s largest companies have been found online, as large-scale data leaks become the norm.

According to a recent report from cyber security company Digital Shadows, 97 percent of the 1000 largest companies had suffered compromise of employee credentials, comprising email and password combinations. The source for the companies list was the Forbes 2000 list.

Digital Shadows looked at data dumped from data breaches, including those of LinkedIn, MySpace, Adobe and Ashley Madison, and found that many users of these services had reused corporate emails and passwords; this could potentially leave their employers open to cyber attack.

The main sources of the data were leaks from LinkedIn and Adobe, which produced 1,636,909 and 1,372,229 credentials respectively.

Digital Shadows said it was unsurprising that this was the case as they were services that employees could have signed up to with work accounts.

However, the company said that the release of credentials from MySpace and Ashley Madison were more concerning, suggesting that work credentials were regularly being used for non-work related activities.

iMesh also contributed 265,466 credentials.

Digital Shadows said that companies should first verify whether the breach information was unique before embarking on potentially costly or time-consuming resets of passwords.

In fact, 10 percent of the claimed leaked credentials in the report were duplicates, equal to around over 500,000 credentials.

The report also emphasised that not all the breach data was of the same quality, with some of the passwords stored in encrypted forms.

“Even with unique leaked credentials identified and passwords reset, compromised credentials hold significant value for cybercriminals,” wrote Digital Shadows in a blog.

“The information can be used for botnet spam lists, extortion attempts (as was the case with Ashley Madison), spear-phishing, and account takeover.”

“Companies need to develop an understanding of the impact of these data breaches.”