About 97% cybersecurity companies had their data exposed on the Dark Web in 2020.
Some data breaches occurred as recent as in end of August, a survey by security firm ImmuniWeb found.
The survey covered 398 cybersecurity companies headquartered across 26 countries including USA, UK, India, Canada and Germany.
Dark Web included both Deep Web and Surface Web in the survey. Dark Web consists of encrypted content that is not indexed by search engines.
More than 160 companies faced incidents as their employees used identical passwords on more than one breached system. Most of the passwords lacked basic security requirements - uppercase, numerical and special characters. Common passwords included ‘password’ and ‘123456’.
Half the exposed data consisted of plaintext credentials like financial and personal information.
US-based security firms showed most number of high-risk data breaches, followed by the UK. High-risk breaches include credentials with sensitive information.
A large number of leaks were silently performed by trusted third parties like suppliers or sub-contractors to the company.
Some stolen credentials came from incidents involving unrelated third parties where victims used work emails to sign into adult websites.
At least 5,121 stolen credentials were found in pornographic and adult-dating websites, ImmuniWeb said.
More than a fourth of the vulnerabilities remain unpatched to date, the security firm said.