Overview
- Monitoring across more than 58,000 cybercrime communities identified over 460,000 credential instances (not unique accounts) tied to FTSE 100 domains, with 15 companies exceeding 10,000 and one surpassing 45,000.
- At least 28,000 corporate credentials appeared in stealer logs taken from infected devices, highlighting the expanding role of infostealer malware.
- Financial services firms accounted for more than 70,000 leaked credential instances, indicating concentrated risk in the sector.
- Fifty-nine percent of FTSE 100 companies had at least one employee using “password” as a password, underscoring persistent weak and reused passwords.
- Recommended actions include phishing-resistant MFA such as passkeys, conditional access, continuous leak monitoring, clear BYOD controls, and rapid detection of suspicious logins and malware.