According to the survey of a global application security company, ImmuniWeb, revealed that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web.
Some data breaches occurred as recent as in the end of August. The survey covered 398 cybersecurity companies headquartered across 26 countries including USA, UK, India, Canada and Germany.
Dark Web included both Deep Web and Surface Web in the survey. Dark Web consists of encrypted content that is not indexed by search engines.
Key findings that the research found relating to the leading global cybersecurity companies’ exposure on the Dark Web included:
- More than 160 companies faced incidents as their employees used identical passwords on more than one breached system. Most of the passwords lacked basic security requirements – uppercase, numerical and special characters. Common passwords include ‘password’ and ‘123456’.
- Half the exposed data consisted of plaintext credentials like financial and personal information.
- A large number of leaks were silently performed by trusted third parties like suppliers or subcontractors to the company.
- Some stolen credentials came from incidents involving unrelated third parties where victims used work emails to sign into adult websites.
- At least 5,121 stolen credentials were found in pornographic and adult-dating websites, ImmuniWeb said.
Cybersecurity companies in the US suffered the highest and critical risk incidents, followed by the UK and Canada, then Ireland, Japan, Germany, Israel, the Czech Republic, Russia, and Slovakia.
Of the 398 cybersecurity companies tested, only those in Switzerland, Portugal, and Italy did not suffer any high or critical risk incidents, while those in Belgium, Portugal, and France had the lowest number of verified incidents.