Dark web forums are the place for cybercriminals to distributing login credentials, malware, and other illicit materials. These dark web forums are not reachable from our regular browsers. These dark web forums are reachable only with browsers such as Tor.

A new report reveals more than 21 million login credentials associated with Fortune 500 companies of 10 different industries around the globe.

Fortune 500 Companies Credentials in Dark Web

According to the ImmuniWeb report, 21 million(21,040,296) belonging to Fortune 500 companies found on the underground dark web forums. Out of 21 million credentials 16 million(16,055,871) exposed within last 12 months.

The data was collected by ImmuniWeb from various services such as the TOR network, IRC channels, Pastebin, messenger chats and other illicit locations.

The exposed database was categorized based on the Industry, Technology Industry stands at the top of the list followed by Financials and the health care.

Login credentials are the first step of authentication, if you have a weak password, then it is a cakewalk for hackers, by using brute force attack method they gain access to the accounts.

The report also reveals that users continue to use weak default passwords for multiple accounts, the image shows the top 5 passwords used by industry.

Default Passwords Pic: ImmuniWeb

Shockingly still the usage of weak or default passwords are high in numbers, here is the list of weak passwords used based on the Industry.

Weak Password Percentage Pic: ImmuniWeb

Spyware, Phishing, and misconfigurations are the cyber-attacks used by attackers to gain unauthorized access to the organization network.

Once they gained unauthorized access to computers or networks they steal all the possible information that can be sold on the dark web, they look to steal names, email addresses, usernames, passwords, and credit card numbers.

If a breach happens on a website or a service that you account, then the first point to check with Have I Been Pwned service, the user needs to enter the email address and it will check the email address stolen at some point.

You can follow us on LinkedinTwitterFacebook for daily Cyber security and hacking news updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.