Half a Million FTSE 100 Employee Credentials Found on Criminal Sites, Socura Report Reveals

A new cybersecurity report has revealed a massive leak of employee logins connected to the UK’s biggest companies. Security firm Socura, along with Flare, found over 460,000 stolen credential instances linked to FTSE 100 employees. These credentials were discovered on criminal marketplaces, forums, and dark-web platforms. The scale of exposure has raised serious concerns across the corporate sector.

The report, titled “FTSE 100 for sale,” involved deep analysis of stealer logs, breach data, and underground trading hubs. The findings show how widely corporate login details are circulating among cybercriminals. Attackers can easily purchase these credentials instead of hacking systems directly. This makes every exposed employee a potential entry point for cyberattacks.

One of the most alarming discoveries was that 15 FTSE 100 companies each had more than 10,000 stolen credential instances online. Even worse, one single company had over 45,000 such instances available. This level of exposure shows how much corporate information has already slipped into the wrong hands. It highlights a growing weakness in everyday digital protection.

The report also found that around 28,000 of these credentials came directly from infostealer malware logs. This means malware had infected devices and quietly harvested passwords and usernames. These logs are often sold in bulk to criminals looking for quick access. Once stolen credentials appear in stealer logs, they spread very fast across cybercrime networks.

Another major issue was the presence of extremely weak passwords. According to the report, 59% of FTSE 100 companies had at least one employee still using the password “password.” This shows how simple human mistakes are still creating huge risks for large organisations. Even the strongest security systems cannot compensate for weak personal password habits.

The report didn’t only focus on technical risks it uncovered a worrying personal threat as well. Evidence of a potential death threat targeting a FTSE 100 CEO was recorded during the investigation. This incident reflects how cybercrime has expanded beyond business disruption. Criminal behaviour is increasingly threatening individuals at the highest levels.

Socura’s recommendations were straightforward: companies must improve password policies, enforce multi-factor authentication, and monitor the web for leaked credentials. They also urge quick action when stolen credentials appear in stealer logs. Detecting and responding to these leaks early can prevent serious intrusions. Stronger employee awareness is also essential.

Overall, the findings show that even the UK’s top companies struggle with fundamental cybersecurity challenges. Stolen credentials, weak passwords, and malware infections continue to create easy opportunities for attackers. This report is a reminder that digital security is only as strong as its weakest login. Businesses must act fast before these risks turn into real-world damage.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news