A new report from cybercrime analytics service SpyCloud Inc. finds that the number of data breaches and exfiltrated data from Fortune 1000 companies on the dark web has risen 7% year-over-year, putting organizations at more risk of account takeover, session hijacking, fraud and ransomware.

The 2023 Fortune 1000 Identity Exposure Report analyzed the darknet exposure of employees of Fortune 1000 enterprises across 21 industry sectors, including technology, financial services, retailing and media. SpyCloud researchers uncovered 27.48 million pairs of credentials with Fortune 1000 corporate email addresses and plaintext passwords, with more than 223,000 exfiltrated by malware.

The discovered passwords enabled easy access to more than 56,000 cloud-based applications, including popular enterprise email, single sign-on, payroll management, hosting and collaboration tools. The researchers also observed a 62% password reuse rate among Fortune 1000 employees who have been exposed more than once.

One standout in the report was the discovery of 1.87 billion malware cookie records tied to Fortune 1000 employees, with most believed to have been exfiltrated by malware. The cookies allow cybercriminals to infiltrate organizations by impersonating legitimate users and gaining access to an active web session, which effectively can bypass security features such as multifactor authentication.

The researchers further identified more than 171,500 Fortune 1000 employees who used an infostealer malware-infected device to log into corporate resources. Infostealers are a form of malware that siphon off data from an infected device or computer, including browser data such as login URLs, usernames, passwords and auto-fill data. The level of exposure is noted in the report as dangerous for industries across the board, as the data can be used to hijack user accounts and business systems long after an infected device is wiped clean.

“Employees using infected corporate or personal devices pose a risk for their organizations,” said Trevor Hilligoss, director of security research at SpyCloud. “As an employee, they may have access to their corporate networks and applications on those devices and stolen data from these devices can be used to harm their employer.”

SpyCloud’s team also identified nearly 31 million malware-infected consumers of Fortune 1000 companies. Using this data, criminals can use credentials, personally identifiable information and other sensitive details to fabricate synthetic identities and then undertake fraud that affects companies directly.

Photo: Pikist