Credentials from Top Cybersecurity Vendors Found on Dark Web For $10 Each

Share post:

A report by security researchers at Cyble has uncovered a troubling discovery: thousands of account credentials from several leading cybersecurity vendors have been stolen and are being sold on dark web marketplaces for as little as 10 dollars.  These credentials include passwords for internal systems, customer accounts, and cloud-based environments—posing substantial risks to these organizations and their clients. Cyble refrained from naming the vendors, citing potential security implications.

The stolen credentials, linked to major enterprise and consumer security companies, were reportedly extracted from info stealer malware logs. Unlike older, less relevant breaches, Cyble’s data focused on leaks from the current year, highlighting a more immediate threat. These accounts, often associated with sensitive management and developer interfaces, could potentially allow attackers to conduct reconnaissance, locate sensitive data, and exploit system vulnerabilities. The stolen credentials, which include company email addresses, make even multi-factor authentication (MFA) systems susceptible to misuse.

Cyble’s analysis revealed that much of the compromised data belonged to customer-facing systems, but internal accounts weren’t immune. The researchers noted that info stealers can expose URLs for management interfaces and other tools unknown to the public. This provides hackers with valuable intelligence about an organization’s systems and potential entry points. Even if MFA is in place, such details enhance attackers’ ability to prepare targeted exploits.

We hope that vendors are keeping track of these and ensuring that remedial steps are taken, but more important – that they are addressing the weaknesses that caused the leaks. “Depending on the privileges granted to those accounts,” Cyble warned, “the exposure could be substantial.”

Researchers warned that leaked credentials often serve as precursors to larger security incidents, such as ransomware attacks or data breaches. Hopefully, for the customers and companies involved, these attacks have not yet taken place.

SUBSCRIBE NOW

Related articles

FBI’s Operation Level Up Ends Cyber Scams and Saves Millions of Dollars and Lives

We should send a love note out to The Federal Bureau of Investigation (FBI) who launched Operation Level...

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways