Web intelligence firm Recorded Future has recently scoured the Web’s underbelly, including paste sites and forums, for exposed corporate credentials (emails and passwords), and found that 49 percent of Europe’s largest companies have had credentials belonging to their employees exposed online, according to HelpNet Security.
“These 244 companies account for 57% of top banks, 50% of oil and gas producers, and 64% of mobile telecommunications companies in the FT 500 Europe (a Financial Times listing of Europe’s top companies),” the company’s Special Intelligence Desk noted in the report (registration required) released during Infosecurity Europe 2015.
In addition to this, many critical infrastructure companies – utilities, healthcare providers, defense contractors – have had their network credentials exposed on the open Web in just the last six months.
“Most of these exposures occurred outside the companies’ reach due to vulnerabilities in third-party websites or employee use of work email accounts to register for a Web-based service,” the researchers pointed out.
“The presence of these credentials on the open Web leaves these FT Europe 500 companies vulnerable to corporate espionage, socially engineered cyber attacks, and tailored spear-phishing attacks against their workforce.”