Security experts have warned the UK’s leading companies that their data may be unwillingly exposed to compromise after Outpost24 used its threat monitoring tool Blueliv to trawl cybercrime sites for breached credentials and found thousands of corporate emails on the dark web. The cybersecurity firm allegedly discovered over 31,000 usernames and passwords belonging to FTSE 100 firms during the crawl. Roughly three quarters of the credentials are believed to have been stolen via conventional data breaches. However, cybersecurity researchers believe that the remaining quarter was obtained through individually targeted malware infections.
Outpost24 reported that 60% of the credentials came from some of the highest regulated industries, including IT/telecom, energy, and finance. In addition, 81% of FTSE companies had at least one compromised credential posted to the dark web, while almost half had 500 logins exposed. Most of the credentials had been exposed on the dark web for over 12 months, meaning that even the most highly regulated firms lack some visibility into risk exposure.
Read More: Researchers Find 31,000 FTSE 100 Logins on Dark Web