
Password Reusability Becomes A Critical Threat To Fortune 1000 Companies: Revealed By SpyCloud 2021 Report

76 percent of employees at the world's largest companies are still reusing passwords across personal and professional accounts.

15-Feb-2021

SpyCloud, a SaaS-based cybersecurity company best known for its anti-fraud platform for account takeover prevention and fraud investigations, has released its 2021 annual report on password vulnerability. According to the report, its security researchers identified nearly 26 million business account credentials and over 543 million breach assets belonging to employees of Fortune 1000 companies, all in the hands of cybercriminals in the criminal underground.

Chip Witt, Vice President of Product Management at SpyCloud, said in a statement:

"Year after year, studies show that the use of weak and stolen credentials is the most common hacking tactic for cybercriminals, yet 76 percent of employees at the world's largest companies are still reusing passwords across personal and professional accounts."

"People don't seem to realize just how often their credentials end up in criminal hands or how stolen passwords can be used to access other accounts they think are safe."

Password reuse has emerged as the most critical human error behind various cyber-attacks. Despite widespread awareness of security guidelines and of the consequences that warn against such behavior, many employees, even at the executive level, use corporate credentials as personal logins for other accounts.

When those third-party sites are subject to data breaches, reused employee logins provide criminals with easy access to corporate systems and networks.

The SpyCloud 2021 report analysed the breach exposure of the Fortune 1000, broken down by data type and sector, to reveal the scope of breach exposure facing the largest U.S. companies across different industries.

Key Findings

  • The credentials of 133,927 C-level Fortune 1000 executives are available for sale on the dark web.
  • At 552,601 per company, employees in the telecommunications sector have by far the highest average number of exposed credentials.
  • Thirteen thousand eight hundred ninety-seven technology sector employees' corporate or personal systems appear to be infected with credential-stealing malware.
  • In addition to corporate credentials, breaches regularly expose a wealth of personally identifiable information (PII) that enables bad actors to bypass security measures, take over accounts, and compromise enterprise networks. Over 281M PII assets of Fortune 1000 employees are available to cybercriminals.
  • Despite constant warnings about the high risk of using weak passwords, "123456" and "password" are still the most commonly used among employees.
  • At 85 percent, the media industry has the highest rate of password reuse. Media professionals also show an affinity for using specific passwords that would be inappropriate to publish here.

Researchers for the report analyzed data from the world's largest repository of recovered stolen credentials and PII. SpyCloud continually monitors the criminal underground for breach data that has become available to cybercriminals, using human intelligence to gain access to stolen data as soon as possible after a breach occurs and far before that data appears on the dark web.

"Especially with millions of people still working from home, enterprises must be able to trust the identities of the employees, consumers, and suppliers accessing their networks," continued Witt.

"The best way to prevent accounts from being taken over is to identify compromised credentials quickly after a breach and mitigate before criminals have time to use them. That requires a comprehensive, continuously updated database of breach data that security leaders can use to keep corporate accounts safe."