Cybersecurity vendors are facing a new threat as their account credentials are being sold on dark web marketplaces, according to a recent report by Cyble. The report highlights the alarming fact that not only customer credentials but also internal account information from security vendors themselves are being leaked and sold on these illicit platforms.
These leaked credentials, which should have been protected by multifactor authentication, are available for purchase for as little as $10. Cyble found that these credentials were likely obtained from infostealer logs and then sold in bulk on the dark web. The vendors in question offer a range of security tools and services, including enterprise and cloud security solutions, as well as consumer security products.
While most of the leaked credentials are for customer accounts, there are also internal credentials for sensitive systems such as Okta, Jira, GitHub, AWS, and Microsoft Online, among others. Cyble did not disclose the names of the affected vendors at their request. The report also mentioned that many of the leaked credentials are for easily accessible web interfaces and account access points.
The exposure of these credentials not only poses a direct hacking risk but also provides threat actors with valuable reconnaissance information. By gaining access to system details and vulnerabilities, hackers can better plan and execute cyberattacks. Additionally, sensitive data such as company email addresses and product account interfaces were found to be exposed, potentially leading to significant security breaches.
Cyble emphasized the importance of basic cybersecurity practices such as multifactor authentication, zero trust, vulnerability management, and network segmentation in preventing data breaches and ransomware attacks. The report serves as a stark reminder that even the largest security vendors are vulnerable to infostealers, highlighting the need for enhanced security measures across all organizations.
In conclusion, the dark web marketplace for cybersecurity vendor credentials poses a serious threat to both vendors and their customers. The sale of these credentials underscores the importance of proactive dark web monitoring as a defense against cyber threats. Organizations must prioritize cybersecurity practices to safeguard their sensitive data and prevent potentially devastating cyberattacks.