Report: 25% of S&P 500 have SSO credentials exposed on dark web



Single sign-on (SSO) credentials are considered “the keys to the kingdom” by cybersecurity professionals. Employees access many applications by logging in once with these credentials, and they are the last thing an organization wants stolen or for sale on the dark web. If malicious actors obtain your organization’s SSO credentials, they could access your systems and data like a trusted insider, including payroll, contracts, intellectual property, and more.

In short, a malicious actor can inflict significant damage upon an organization by obtaining its SSO credentials.

Unfortunately, even the world’s largest and most important companies are struggling to secure these critical assets. Scouring the dark web for critical SSO credentials associated with 3,000 publicly traded companies, BitSight found that 25% of the S&P 500 and half of the top 20 most valuable public U.S. companies have had at least one SSO credential for sale on the dark web in 2022.

These affected companies, representing $11 trillion in value, may be at risk, along with their global customer bases.



Technology sector most affected

BitSight also identified the technology sector as being most impacted. This is particularly concerning given recent events: bad actors are increasingly breaching technology companies as a means of breaching broad customer bases.

“Companies want to pay attention to the dangers posed by their main IT distributors. As we’ve seen repeatedly, insecure vendor credentials can present malicious actors with the entry they should goal giant buyer bases at scale. The influence of a single uncovered SSO credential may very well be far-reaching,” said BitSight Cofounder and CTO Stephen Boyer.

Image source: BitSight.

Popular cybersecurity controls are no longer enough: organizations with strong security controls in place are still getting breached. BitSight recommends organizations up their game by deploying more dynamic and robust security measures such as dynamic MFA, universal two-factor authentication (U2F), and a host of other controls such as implementing least privilege and third-party risk management.

BitSight’s research alerts the global business community to the critical threat of SSO credential theft. The reality is that even with a heightened state of security among public companies, SSO credentials are still being stolen and sold on the dark web at staggering rates.


BitSight analyzed the security posture of three thousand publicly traded companies to understand how the world’s most valuable and best-resourced companies are protecting their critical SSO credentials.

Read the full report from BitSight.
