SpyCloud Releases Research Report, Noting Breach Exposure of the Fortune 1000

Jeff Brody

SpyCloud released “SpyCloud Research: Breach Exposure of the Fortune 1000,” noting that fifty-nine percent of people admit to using the same password everywhere, including fortune 1000 employees, the company reported on Wednesday

The report noted that password reuse matters because of how often login credentials are exposed to data breaches. An employee who reuses their corporate credentials as personal logins put their employer’s security in the hands of third-party site operators; when some of the sites are breached, the corporate passwords become available to attackers.

Cybercriminals will then test breached credentials against a variety of other logins, taking over any other accounts protected by the same username and password. Hackers will access corporate email domains, valuable enterprise systems, customer data and intellectual property with the stolen credentials.

SpyCloud has examined its database of nearly 100 billion breach assets to see what breach data we could tie to companies in the Fortune 1000, searching for breach records containing Fortune 1000 corporate email domains, excluding “freemail” domains that are available to consumers. 

The company linked over 412 million breach assets within our dataset to employees within the Fortune 1000 and has broken that number down by data type and sector to reveal the scope of the breach exposure facing different sectors. Across the exposed credentials, Fortune 1000 employees have reused passwords at a rate of 76.5 percent.

Within our dataset of Fortune 1000 corporate breach exposures, SpyCloud calculated password reuse rates by determining how many employees with more than one exposed login have reused the same password or a close variation across multiple sites.

Employees with multiple reused passwords in the dataset may or may not reuse passwords at work; however, password reuse across personal accounts does provide an indication of employees’ overall password hygiene.

To combat the cyberattacks, enterprises must be able to trust the identities of the employees, consumers and suppliers logging into their networks. In addition, organizations should safeguard the corporate assets and IP behind those logins.

About SpyCloud 

SpyCloud is the leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations. Our award-winning solutions proactively defeat fraud attempts and disrupt the criminals' ability to profit from stolen information.

You may also be interested in...

F-35 Lightning II

State Dept OKs Potential $10B Sale of Lockheed-Made F-35s to UAE

The State Department informed Congress it approved the United Arab Emirates’ request to buy 50 Lockheed Martin-built (NYSE: LMT) F-35 fighter jets under a potential $10B deal, Reuters reported Friday. The potential foreign military sales deal will move to an informal review by the House Foreign Affairs and Senate Foreign Relations committees.

strategic partnership

DC Capital Aims to Help HTSI Grow Gov’t Footprint via Strategic Partnership

Private equity firm DC Capital Partners has entered into a strategic partnership agreement with Huntsville, Alabama-based system engineering company Hill Technical Solutions Inc. aimed at helping expand the latter's customer base and support work in the government sector.