May 9, 2023 - Technology

Millions of possible telecom employees' passwords leaked online

Illustration of a cell phone tower with a lock on it

Illustration: Sarah Grillo/Axios

Employees at Fortune 1000 telecommunications companies are some of the most exposed on dark web sites, according to a report released Tuesday.

What's happening: Researchers at threat intelligence firm SpyCloud found 6.34 million pairs of credentials — including corporate email addresses and passwords — that likely belong to telecommunications company employees.

  • Those 6.34 million credentials spanned just nine Fortune 1000 telecom companies. That's an "extreme" rate compared to other sectors, the report notes.
  • In comparison, SpyCloud discovered 7.52 million pairs of credentials belonging to tech sector employees — but those employee logins spanned 167 Fortune 1000 companies.

Why it matters: Telecommunications companies remain ripe targets for malicious hackers eager to steal customers' sensitive phone and financial data.

The big picture: Hackers still have a lot of success using simple techniques — such as relying on stolen passwords or tricking individual employees into sharing their passwords — to launch impactful attacks.

Yes, but: Not every pair of credentials will still work, according to SpyCloud's report.

  • But "the ones that do match or even have a partial match represent substantial risk for these enterprises," the report says.

Sign up for Axios’ cybersecurity newsletter Codebook here

Go deeper