View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 26, 2016

5.5 million employee credentials are available online from world’s largest companies

97 percent of the 1000 largest companies have suffered compromise of employee credentials, comprising email and password combinations.

By Alexander Sword

Credentials for over 5.5 million employees of the world’s largest companies have been found online, as large-scale data leaks become the norm.

According to a recent report from cyber security company Digital Shadows, 97 percent of the 1000 largest companies had suffered compromise of employee credentials, comprising email and password combinations. The source for the companies list was the Forbes 2000 list.

Digital Shadows looked at data dumped from data breaches, including those of LinkedIn, MySpace, Adobe and Ashley Madison, and found that many users of these services had reused corporate emails and passwords; this could potentially leave their employers open to cyber attack.

The main sources of the data were leaks from LinkedIn and Adobe, which produced 1,636,909 and 1,372,229 credentials respectively.

Digital Shadows said it was unsurprising that this was the case as they were services that employees could have signed up to with work accounts.

However, the company said that the release of credentials from MySpace and Ashley Madison were more concerning, suggesting that work credentials were regularly being used for non-work related activities.

iMesh also contributed 265,466 credentials.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Digital Shadows said that companies should first verify whether the breach information was unique before embarking on potentially costly or time-consuming resets of passwords.

In fact, 10 percent of the claimed leaked credentials in the report were duplicates, equal to around over 500,000 credentials.

The report also emphasised that not all the breach data was of the same quality, with some of the passwords stored in encrypted forms.

“Even with unique leaked credentials identified and passwords reset, compromised credentials hold significant value for cybercriminals,” wrote Digital Shadows in a blog.

“The information can be used for botnet spam lists, extortion attempts (as was the case with Ashley Madison), spear-phishing, and account takeover.”

“Companies need to develop an understanding of the impact of these data breaches.”

Topics in this article : , , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.