Home / News / SpyCloud Releases Research Report, Noting Breach Exposure of the Fortune 1000

SpyCloud Releases Research Report, Noting Breach Exposure of the Fortune 1000

Jeff Brody

SpyCloud released “SpyCloud Research: Breach Exposure of the Fortune 1000,” noting that fifty-nine percent of people admit to using the same password everywhere, including fortune 1000 employees, the company reported on Wednesday

The report noted that password reuse matters because of how often login credentials are exposed to data breaches. An employee who reuses their corporate credentials as personal logins put their employer’s security in the hands of third-party site operators; when some of the sites are breached, the corporate passwords become available to attackers.

Cybercriminals will then test breached credentials against a variety of other logins, taking over any other accounts protected by the same username and password. Hackers will access corporate email domains, valuable enterprise systems, customer data and intellectual property with the stolen credentials.

SpyCloud has examined its database of nearly 100 billion breach assets to see what breach data we could tie to companies in the Fortune 1000, searching for breach records containing Fortune 1000 corporate email domains, excluding “freemail” domains that are available to consumers. 

The company linked over 412 million breach assets within our dataset to employees within the Fortune 1000 and has broken that number down by data type and sector to reveal the scope of the breach exposure facing different sectors. Across the exposed credentials, Fortune 1000 employees have reused passwords at a rate of 76.5 percent.

Within our dataset of Fortune 1000 corporate breach exposures, SpyCloud calculated password reuse rates by determining how many employees with more than one exposed login have reused the same password or a close variation across multiple sites.

Employees with multiple reused passwords in the dataset may or may not reuse passwords at work; however, password reuse across personal accounts does provide an indication of employees’ overall password hygiene.

To combat the cyberattacks, enterprises must be able to trust the identities of the employees, consumers and suppliers logging into their networks. In addition, organizations should safeguard the corporate assets and IP behind those logins.

About SpyCloud 

SpyCloud is the leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations. Our award-winning solutions proactively defeat fraud attempts and disrupt the criminals' ability to profit from stolen information.

Check Also

GMU GovCon Center Hosts Webinar on COVID-19 Impact; Jerry McGinn Comments

George Mason University and industry executives discussed the implications of the ongoing coronavirus pandemic for both agencies and companies during a webinar hosted by GMU's Center for Government Contracting. "Panelists noted that businesses need to take an extremely proactive role in communicating and engaging with their government customers and that government agencies need to likewise recognize the centrality of the contract workforce for their respective missions," Jerry McGinn, the center's executive director, told GovCon Wire.

Phebe Novakovic, General Dynamics Chairman & CEO, Named to 2020 Wash100 for Driving Company Growth; Supporting U.S. National Security

Executive Mosaic is honored to present Phebe Novakovic, chairman and CEO of General Dynamics, as an inductee into the 2020 Wash100 Award for driving company growth, expanding its senior management team and defending our nation’s national security interests.