Fortune 1000 Identity Exposure Report Highlights the Need for Strong Security Measures
- The analysis of over 2.27 billion breached and malware-exfiltrated assets tied to Fortune 1000 employee accounts in 2022 reveals a significant and escalating risk to corporate security.
- The report reveals that identity exposure is a major problem for companies across all industries, with more than half of Fortune 1000 companies experiencing some form of data breach in recent years.
A recent report by cybersecurity firm SpyCloud has found that password reuse and malware infections are putting Fortune 1000 companies at risk of identity exposure. The report analyzed over 2.27 billion breach and malware-exfiltrated assets in the company’s database that are directly linked to Fortune 1000 employee accounts.
In a staggering revelation, a total of 19,661 breaches have been identified in the SpyCloud database, exposing records tied to Fortune 1000 corporate email addresses. This significant breach has put a whopping 132,429,971 breach records and 725,634,806 breach assets at risk, marking one of the largest data breaches targeting Fortune 1000 companies to date.
A breach record refers to the set of data tied to a single user within a given breach, such as information linked to a specific corporate email address within a set of data compromised in a breach event. A breach asset, on the other hand, is a piece of information contained within a breach record, including passwords, addresses, phone numbers, credit cards, and more.
The report also revealed a shocking:
- 1,865,557,005 Session Cookie Records Exposed: Cybercriminals, with access to these strings of characters used by websites or servers to recognize repeat visitors, can simulate a user, bypass authentication, and potentially hijack a session to access sensitive data.
- 27,475,565 Plaintext Corporate Email Address and Password Pairs Exposed: These credentials, tied to Fortune 1000 companies, pose a significant risk. If employees reused these passwords, criminals could exploit the exposed credential pairs to gain unauthorized access to corporate systems.
- 87,741 High-Ranking Executives’ Credentials Exposed: This puts these executives at an increased risk of targeted account takeover and business email compromise (BEC) fraud. Such high-level breaches can lead to severe consequences for the affected corporations.
- 62% Password Reuse Rate Among Fortune 1000 Employees: The breach revealed a high rate of password reuse, including exact passwords and slight variations. This increases the potential risk as criminals can easily exploit this pattern.
- 171,528 Employees’ Data Found in Infostealer Malware-Infected Devices: This high-severity exposure increases the risk of Account Takeover (ATO), fraud, and makes the enterprise vulnerable to ransomware attacks.
The table below breaks down the exposure of corporate credentials across different sectors within the Fortune 1000 companies. The data reveals the number of companies in each sector, the total number of exposed corporate credentials, and the average number of corporate credentials exposed per company. Alarmingly, sectors like Technology and Telecommunications show an extremely high number of exposed credentials, indicating a substantial risk for these enterprises.
| Sector | Number of Companies | Total Exposed Corporate Credentials | Avg Corporate Credentials Per Company |
|---|---|---|---|
| Aerospace & Defense | 17 | 668,004 | 39,294 |
| Apparel | 16 | 152,867 | 9,554 |
| Business Services | 51 | 501,545 | 9,834 |
| Chemicals | 29 | 331,267 | 11,423 |
| Energy | 101 | 832,946 | 8,247 |
| Engineering & Construction | 32 | 271,454 | 8,483 |
| Financials | 167 | 3,641,651 | 21,806 |
| Food & Drug Stores | 9 | 53,233 | 5,915 |
| Food, Beverages & Tobacco | 34 | 275,568 | 8,105 |
| Health Care | 76 | 1,543,853 | 20,314 |
| Hotels, Restaurants & Leisure | 25 | 485,664 | 19,427 |
| Household Products | 26 | 388,691 | 14,950 |
| Industrials | 50 | 1,233,537 | 24,671 |
| Materials | 46 | 247,665 | 5,384 |
| Media | 28 | 730,323 | 26,083 |
| Motor Vehicles & Parts | 19 | 541,008 | 28,474 |
| Retailing | 81 | 908,630 | 11,218 |
| Technology | 119 | 7,518,582 | 63,181 |
| Telecommunications | 9 | 6,366,177 | 704,020 |
| Transportation | 35 | 598,535 | 17,101 |
| Wholesalers | 30 | 214,365 | 7,146 |
Our analysis found a 62% average reuse rate last year, only a 2 point decrease from 2021 and a 10 point difference from the password reuse across our entire database (72%)
SpyCloud FORTUNE 1000 IDENTITY EXPOSURE REPORT
Employees in the financial services, transportation, and food and drug stores industries are most likely to reuse passwords across multiple third-party breach and malware-exposed accounts. This means that these employees are at a higher risk of having their personal and corporate information compromised if their passwords are stolen.
The data shows that 68% of employees in the financial services industry reuse passwords, followed by 67% of employees in the transportation industry and 66% of employees in the food and drug stores industry. These numbers are significantly higher than the average of 59% for all industries.
The SpyCloud report underscores the critical importance of robust cybersecurity measures, regular risk assessments, and a concerted effort to educate employees about the dangers of password reuse and the best practices for data protection. As the digital landscape continues to evolve, so too must the strategies employed by corporations to safeguard their most valuable asset: their data.
