According to Infosecurity Magazine, security firms Socura and Flare discovered 460,000 compromised employee credentials from FTSE 100 companies circulating on cybercrime sites across both the clear and dark web. Their “FTSE 100 for Sale” report found some individual companies had as many as 45,000 leaked credentials, with 15 firms each having over 10,000 exposed accounts. Financial services companies were particularly affected, accounting for more than 70,000 of the stolen credentials. Researchers identified 28,000 corporate credentials specifically in infostealer malware logs, averaging 280 per FTSE 100 company. The report cautioned these numbers likely represent “just the tip of the iceberg” since many stolen credentials haven’t been publicly leaked or sold yet.
The Password Problem Isn’t Going Away
Here’s the thing that really gets me – we’re still seeing “password” as an actual password in 2024. At FTSE 100 companies, no less. The report found 59% of these elite firms have at least one employee using that embarrassingly weak credential. And password reuse? It’s rampant. One employee had three variations of “Ross Kemp” across six different known leaks. I mean, come on. These aren’t small businesses operating on shoestring budgets – these are the UK’s largest, best-resourced corporations. When even CXO email addresses and passwords are turning up on sites like Doxbin, you have to wonder what basic security training looks like at these organizations.
The Thriving Malware Economy
Socura’s threat intelligence lead Anne Heim nailed it when she called cybercriminals “fundamental opportunists.” Why bother with sophisticated hacking when you can just buy credentials online? Infostealer malware has become a massive business, and these 28,000 credentials found in stealer logs represent just what’s publicly available. The reality is probably much worse. Criminals are sitting on troves of data, waiting for the right moment to sell or use it. And with credentials this easy to obtain, the barrier to entry for corporate attacks keeps getting lower. Basically, if your company hasn’t implemented robust monitoring for credential exposure, you’re flying blind.
What Actually Works
So what’s the solution? The recommendations aren’t revolutionary, but they’re proven. Multi-factor authentication using passkeys should be non-negotiable at this point. Continuous monitoring for new data leaks needs to be standard practice. And swift detection of malware and suspicious logins can’t be afterthoughts anymore. Companies that manufacture or rely on industrial computing equipment should particularly note that security starts with the fundamentals – whether it’s enterprise software or industrial panel PCs from leading suppliers, the human element remains the weakest link. The gap between knowing what to do and actually doing it seems wider than ever, and that’s where criminals are finding their opportunities.
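One way a security team might triage leak-monitoring records for the weak and reused passwords described above, as an added example rather than code from the Socura and Flare report. The record layout, the domain and the deny-list are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict

# Assumption: a tiny deny-list; a production check would use a breached-password corpus.
WEAK = {"password", "123456", "qwerty", "letmein"}

# Constructed sample records (leak name, email, password); not real data.
SAMPLE = [
    ("leak-a", "j.smith@example-plc.test", "RossKemp1"),
    ("leak-b", "j.smith@example-plc.test", "rosskemp!"),
    ("leak-c", "J.Smith@example-plc.test", "Ross_Kemp22"),
    ("leak-c", "a.jones@example-plc.test", "Password"),
    ("leak-d", "b.lee@other.test", "x9$Lq2vT"),
]

def base_form(password):
    """Collapse case, separators and digits so trivial variations compare equal."""
    letters = re.sub(r"[^a-z]", "", password.lower())
    return letters or password.lower()  # all-digit passwords keep their value

def triage(records, corporate_domains):
    """Return per-account findings for corporate addresses; passwords are never emitted."""
    seen = defaultdict(lambda: {"leaks": set(), "passwords": set(),
                                "bases": set(), "weak": False})
    for leak, email, password in records:
        email = email.strip().lower()
        if email.rpartition("@")[2] not in corporate_domains:
            continue  # not one of our domains
        entry = seen[email]
        entry["leaks"].add(leak)
        entry["passwords"].add(password)
        base = base_form(password)
        entry["bases"].add(base)
        entry["weak"] |= password.lower() in WEAK or base in WEAK
    return {
        email: {
            "leaks": len(e["leaks"]),
            "weak_password": e["weak"],
            # Several distinct passwords sharing one base form means variation reuse.
            "variation_reuse": len(e["passwords"]) > len(e["bases"]),
        }
        for email, e in seen.items()
    }

if __name__ == "__main__":
    for account, finding in triage(SAMPLE, {"example-plc.test"}).items():
        print(account, finding)
```

Accounts flagged here are candidates for a forced reset and passkey enrolment.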
