Threat actors are distributing more than 21 million login details for Fortune 500 companies on the dark web, security researchers with ImmuniWeb have discovered by crawling underground market places, forums and other sites. Over 16 million of the credentials were stolen in the past year.
According to the report “95% of the credentials contained unencrypted, or brute-forced and cracked by the attackers, plaintext passwords.” The technology and financial sectors each account for about 5 million stolen credentials. Other sectors with over 1 million compromised credentials are health care, industrials, energy and telecommunications.
Read more: 21 Million Logins for Top 500 Firms Offered on the Dark Web