SpyCloud on Wednesday released “SpyCloud Research: Breach Exposure of the Fortune 1000,” noting that fifty-nine percent of people, including Fortune 1000 employees, admit to using the same password everywhere.
The report noted that password reuse matters because of how often login credentials are exposed in data breaches. An employee who reuses their corporate credentials as personal logins puts their employer’s security in the hands of third-party site operators; when some of those sites are breached, the corporate passwords become available to attackers.
Cybercriminals will then test breached credentials against a variety of other logins, taking over any other accounts protected by the same username and password. Hackers will access corporate email domains, valuable enterprise systems, customer data and intellectual property with the stolen credentials.
SpyCloud examined its database of nearly 100 billion breach assets to see what breach data it could tie to companies in the Fortune 1000, searching for breach records containing Fortune 1000 corporate email domains and excluding “freemail” domains that are available to consumers.
The company linked over 412 million breach assets within its dataset to employees within the Fortune 1000 and has broken that number down by data type and sector to reveal the scope of the breach exposure facing different sectors. Across the exposed credentials, Fortune 1000 employees have reused passwords at a rate of 76.5 percent.
Within its dataset of Fortune 1000 corporate breach exposures, SpyCloud calculated password reuse rates by determining how many employees with more than one exposed login have reused the same password or a close variation across multiple sites.
Employees with multiple reused passwords in the dataset may or may not reuse passwords at work; however, password reuse across personal accounts does provide an indication of employees’ overall password hygiene.
To combat these cyberattacks, enterprises must be able to trust the identities of the employees, consumers and suppliers logging into their networks. In addition, organizations should safeguard the corporate assets and IP behind those logins.
SpyCloud is the leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations. Its award-winning solutions proactively defeat fraud attempts and disrupt the criminals' ability to profit from stolen information.