Most cybersecurity companies had data exposed on Dark Web, survey finds

Dark Web is that area of the internet that consists of encrypted content and is not indexed by search engines.

September 13, 2020 12:59 pm | Updated 01:05 pm IST

Half the exposed data consisted of plaintext credentials like financial and personal information.

Half the exposed data consisted of plaintext credentials like financial and personal information.

About 97% cybersecurity companies had their data exposed on the Dark Web in 2020.

Some data breaches occurred as recent as in end of August, a survey by security firm ImmuniWeb found.

The survey covered 398 cybersecurity companies headquartered across 26 countries including USA, UK, India, Canada and Germany.

Dark Web included both Deep Web and Surface Web in the survey. Dark Web consists of encrypted content that is not indexed by search engines.

More than 160 companies faced incidents as their employees used identical passwords on more than one breached system. Most of the passwords lacked basic security requirements - uppercase, numerical and special characters. Common passwords included ‘password’ and ‘123456’.

Half the exposed data consisted of plaintext credentials like financial and personal information.

US-based security firms showed most number of high-risk data breaches, followed by the UK. High-risk breaches include credentials with sensitive information.

A large number of leaks were silently performed by trusted third parties like suppliers or sub-contractors to the company.

Some stolen credentials came from incidents involving unrelated third parties where victims used work emails to sign into adult websites.

At least 5,121 stolen credentials were found in pornographic and adult-dating websites, ImmuniWeb said.

The report also stated that half the companies did not comply with General Data Protection Regulation (GDPR) rules owing to vulnerable software, lack of strong privacy policy, and missing cookie disclaimers when cookies contain traceable personal information.

More than a fourth of the vulnerabilities remain unpatched to date, the security firm said.

Top News Today

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.