It’s human nature: people reuse passwords. Unfortunately, those reused passwords can easily become exposed to cybercriminals and used with malicious intent. According to the 2019 Verizon Data Breach Report, the use of weak and stolen credentials ranked as the most common hacking tactic for the third year in a row.
Password reuse represents a particularly significant security risk for enterprises, which house valuable corporate secrets and represent lucrative targets for cybercriminals. Employees frequently reuse corporate credentials as personal logins, despite security guidelines that prohibit such behavior. When those third-party sites suffer data breaches, the reused employee logins provide easy entry points to corporate systems and networks.
In addition to corporate credentials, data breaches expose a wealth of personal information that can enable cybercriminals to bypass security measures, take over accounts, and compromise enterprise networks. Employees, trusted partners, and suppliers with privileged access can all be vulnerable to account takeover and business email compromise.
With nearly 100 billion recovered breach assets collected to date, SpyCloud maintains the world’s largest repository of recovered stolen credentials and PII. SpyCloud researchers continually monitor the criminal underground for breach data that has become available to cybercriminals, using human intelligence to gain access to stolen data as soon as possible after a breach occurs.
To provide a snapshot of the breach exposure affecting major enterprises, we examined SpyCloud’s entire database to see what breach data we could tie to companies in the Fortune 1000. To do so, we searched for breach records containing Fortune 1000 corporate email domains, excluding “freemail” domains that are available to consumers. For example, if a Fortune 1000 employee signed up for a breached third-party site using their corporate email address, email@example.com, we were able to tie the resulting breach record to their employer.
We were able to identify over 412 million breach assets within our dataset tied to employees in the Fortune 1000. Within this analysis, we have broken that number down by data type and sector (as defined by Fortune) to reveal the scope of the breach exposure facing different sectors.
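The attribution step described above (tie a breach record to an employer by its corporate email domain, skip freemail domains) can be expressed as a small matching and aggregation routine. This is an added illustration, not SpyCloud’s code; the company domains, sectors and breach records below are constructed placeholders.

```python
from collections import Counter

# Constructed Fortune-1000-style domain table (hypothetical companies, not real ones).
CORPORATE_DOMAINS = {
    "acme-example.com": "Technology",
    "globex-example.com": "Financials",
    "initech-example.com": "Technology",
}

# Consumer "freemail" domains are excluded: a record there cannot be tied to an employer.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}

# Constructed breach records standing in for recovered breach data.
SAMPLE_RECORDS = [
    {"email": "alice@acme-example.com", "asset": "plaintext_password", "source": "forum-2018"},
    {"email": "Alice@ACME-Example.com", "asset": "phone", "source": "forum-2018"},
    {"email": "bob@mail.globex-example.com", "asset": "password_hash", "source": "shop-2019"},
    {"email": "carol@gmail.com", "asset": "plaintext_password", "source": "shop-2019"},
    {"email": "dave@initech-example.com", "asset": "plaintext_password", "source": "shop-2019"},
    {"email": "not-an-email", "asset": "phone", "source": "shop-2019"},
]


def employer_domain(email, corporate_domains=CORPORATE_DOMAINS, freemail=FREEMAIL_DOMAINS):
    """Return the corporate domain a record can be tied to, or None.

    The address's domain, or any parent domain of it (mail.globex-example.com ->
    globex-example.com), is matched against the corporate table after lowercasing.
    Freemail and malformed addresses are never attributed.
    """
    if email.count("@") != 1:
        return None
    domain = email.rsplit("@", 1)[1].strip().lower()
    if not domain or domain in freemail:
        return None
    labels = domain.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in corporate_domains:
            return candidate
    return None


def exposure_by_sector(records, corporate_domains=CORPORATE_DOMAINS):
    """Count attributable breach assets per (sector, asset type) pair."""
    counts = Counter()
    for rec in records:
        domain = employer_domain(rec["email"], corporate_domains)
        if domain is not None:
            counts[(corporate_domains[domain], rec["asset"])] += 1
    return counts
```

Run on a real export, the same loop would also carry the per-employer breakdown so that a security team can notify each company whose staff appear with a plaintext password.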
Bear in mind that corporate employees also have personal aliases that aren’t reflected in this analysis, which can likewise be tied to corporate identities and used for illicit gain. In addition, this data will capture some employees who have since moved on to other companies. Even so, we hope that this analysis provides a window into the scale of the account takeover risks facing large enterprises and the importance of monitoring employee credentials for weak and reused passwords.