A new report from Enzoic uncovers a staggering increase in compromised employee-linked accounts across Fortune 500 companies, with over three million newly compromised corporate accounts captured just between 2022 and 2024. This trend, driven by the widespread use of corporate email addresses for personal online accounts and the rise of infostealer malware, underscores the urgent need for enhanced cybersecurity measures like credential or password monitoring.
Enzoic’s analysis found that 1 in 10 Fortune 500 employees had their credentials exposed in recent years, with each account exposed 5.7 times on average. These leaked credentials pose significant risks for account takeover (ATO), fraud, and data breaches.
Critical Industries at Risk
The report highlights that ten major Fortune 500 sectors experienced a significant increase in account compromises, with sharp increases in:
- Commercial Banks & Utilities – Nearly 120,000 exposed accounts in 2024 alone, making them prime cybercrime targets due to financial and infrastructure vulnerabilities.
- Telecommunications – A 4x rise in compromised accounts, exposing critical digital infrastructure.
- Internet Services & Retailing – Continuing to be a top target, given its extensive digital footprint.
The Infostealer Malware Epidemic
The findings suggest a fundamental shift in credential compromise tactics, with the surge in infostealer malware like Redline, Raccoon, and Vidar fueling the escalation. These sophisticated malware families extract login credentials, session cookies, and digital fingerprints.
“The surge of exposed accounts linked to Fortune 500 companies marks a critical change in the security landscape,” said Dylan Hudson, Head of Threat Research and Data Science at Enzoic. “Organizations must prioritize these foundational vulnerabilities in their security postures and adopt real-time credential monitoring to mitigate the ever-growing risk of ATO and resultant data breaches.”
Mitigating the Corporate Credential Crisis
With high levels of new credential compromise from infostealers, businesses and organizations need to adopt proactive cybersecurity strategies, including:
- Continuous credential screening to detect compromised accounts before exploitation.
- Zero-trust security models that reduce reliance on passwords alone.
- Employee education to prevent corporate email use for personal online accounts.
Enzoic’s advanced threat intelligence solutions provide real-time monitoring and actionable insights to help organizations combat credential-based threats and stay ahead of evolving cyber risks.
Access the entire Fortune 500 Employee-Linked Account Exposure Report here, or visit www.enzoic.com.
About Enzoic
Enzoic is a Boulder, Colorado-based cybersecurity firm specializing in safeguarding organizations against credential-based threats. By leveraging Dark Web intelligence, Enzoic provides robust solutions to combat account takeover (ATO), identity theft, and fraud. Our core focus is on proactive threat prevention through continuous monitoring and analysis of compromised credentials. Enzoic's suite of products enables businesses to implement actionable strategies to protect employee and customer accounts from unauthorized access. As a privately held entity, Enzoic has established itself as a leader in credential screening and ATO prevention. Our solutions seamlessly integrate with existing systems, offering real-time protection without compromising user experience. By maintaining an extensive and constantly updated database of exposed credentials, Enzoic empowers organizations to stay ahead of evolving cyber threats and maintain compliance with industry standards.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250211897328/en/
Contacts
For media inquiries, contact:
Kim Jacobson
Enzoic
kim@enzoic.com
www.enzoic.com
