According to a study, 25% of the S&P 500 have SSO credentials exposed on the dark web

Cybercriminals consider single sign-on (SSO) credentials to be "the keys to the kingdom." Many organizations use these credentials for a wide range of tasks, and they are not something an organization wants to see lost or sold on the dark web. If malicious actors obtain your organization's SSO credentials, they might access your records and data like trusted insiders, including payroll, contracts, intellectual property, and more.

By obtaining an organization's SSO credentials, a malicious actor may inflict substantial damage on it.

Even the world's most powerful corporations are struggling to secure these vital assets. BitSight found that 25% of the S&P 500 and half of the top 20 most valuable public U.S. companies had at least one SSO credential for sale on the dark web in 2022.

These impacted businesses, which have a value of $11 trillion, may be at risk, along with their worldwide customers.

The technology industry is the most adversely impacted

BitSight identified the IT industry as the most impacted. This is especially concerning given recent events: bad actors are increasingly breaking into technology companies as a way of breaching broad customer bases.

"Businesses must be aware of the dangers posed by their major IT vendors. As we've seen repeatedly, insecure vendor credentials can provide malicious actors with the access they need to target large customer bases at scale," said BitSight cofounder and CTO Stephen Boyer.

Organizations that have strong security controls are still being breached. BitSight recommends that businesses improve their game by adopting more dynamic and robust security measures, such as dynamic MFA, universal two-factor authentication (U2F), and a host of other measures, such as least privilege and third-party risk management.

The research from BitSight alerts the global business community to the danger of SSO credential theft. The fact is that even with a higher level of security among public corporations, SSO credentials are still being stolen and sold on the internet at staggering rates.


BitSight examined three thousand publicly traded companies' security postures in order to identify how the world's most valuable and best-resourced firms are protecting their critical SSO credentials.

Read BitSight's full report.
