A report by security researchers at Cyble has uncovered a troubling discovery: thousands of account credentials from several leading cybersecurity vendors have been stolen and are being sold on dark web marketplaces for as little as 10 dollars. These credentials include passwords for internal systems, customer accounts, and cloud-based environments—posing substantial risks to these organizations and their clients. Cyble refrained from naming the vendors, citing potential security implications.
The stolen credentials, linked to major enterprise and consumer security companies, were reportedly extracted from info stealer malware logs. Unlike older, less relevant breaches, Cyble’s data focused on leaks from the current year, highlighting a more immediate threat. These accounts, often associated with sensitive management and developer interfaces, could potentially allow attackers to conduct reconnaissance, locate sensitive data, and exploit system vulnerabilities. The stolen credentials, which include company email addresses, make even multi-factor authentication (MFA) systems susceptible to misuse.
Cyble’s analysis revealed that much of the compromised data belonged to customer-facing systems, but internal accounts weren’t immune. The researchers noted that info stealers can expose URLs for management interfaces and other tools unknown to the public. This provides hackers with valuable intelligence about an organization’s systems and potential entry points. Even if MFA is in place, such details enhance attackers’ ability to prepare targeted exploits.
We hope that vendors are keeping track of these and ensuring that remedial steps are taken, but more important – that they are addressing the weaknesses that caused the leaks. “Depending on the privileges granted to those accounts,” Cyble warned, “the exposure could be substantial.”
Researchers warned that leaked credentials often serve as precursors to larger security incidents, such as ransomware attacks or data breaches. Hopefully, for the customers and companies involved, these attacks have not yet taken place.