"25% Of S&P 500 Have SSO Credentials Exposed on Dark Web"

Cybersecurity professionals regard Single Sign-On (SSO) credentials as the keys to the kingdom. Employees gain access to numerous applications by logging in once with these credentials, which are the last thing an organization wants stolen or sold on the dark web. If malicious actors obtain an organization's SSO credentials, they can access its systems and data, including payroll, contracts, intellectual property, and other sensitive information, as if they were a trusted insider. Even the world's largest and most powerful corporations have been found to be struggling to protect these critical assets. After searching the dark web for critical SSO credentials associated with 3,000 publicly traded companies, BitSight discovered that 25 percent of the S&P 500 and half of the top 20 most valuable public US companies had at least one SSO credential for sale on the dark web in 2022. These affected companies, worth $11 trillion, and their global customer bases may be at risk. BitSight also identified technology as the industry most affected, which is especially concerning in light of recent events in which threat actors have increasingly breached technology companies in order to gain access to large customer bases. Popular cybersecurity controls are no longer sufficient, as organizations with strong security controls are still being breached. BitSight advises organizations to step up their security game by implementing more dynamic and robust security measures such as dynamic multi-factor authentication (MFA), universal two-factor authentication (U2F), and other controls like least privilege and third-party risk management. This article continues to discuss key findings from BitSight’s analysis of exposed SSO credentials.

VB reports "25% Of S&P 500 Have SSO Credentials Exposed on Dark Web"

Submitted by Anonymous on