460,000 FTSE 100 credentials have been stolen, report reveals.
getty
It’s never good to read about compromised passwords, whether they are included in a newly published and easily searchable list, an analysis of 800 million stolen credentials, or trawls of the dark web revealing exactly which passwords have been exfiltrated. But when an article, this article in fact, concerns almost half a million stolen credentials that belong to employees of FTSE 100 companies, then your business had better pay attention. And quickly. Here’s what you need to know and do.
‘FTSE 100 For Sale’ Report Reveals 460,000 Stolen Credentials On The Dark Web
Your business is not as secure as you might think. That’s the takeaway from a new report, a result of a research collaboration between analysts at Socura and Flare, which has revealed what it called “the alarming scale of stolen employee credentials” across FTSE 100 companies.
Please note that the London Stock Exchange Group itself has not been hacked, nor have any LSEG or index credentials been compromised, the report refers purely to FTSE 100 companies, for the avoidance of doubt.
The FTSE 100 For Sale report found more than 460,000 stolen credentials associated with FTSE 100 companies form sale on the dark web, and even available on the surface web that anyone can access. “The FTSE 100 includes some of the largest and most trusted brands in the UK”, Andy Kays, the Socura CEO, warned, adding that they still struggle with “the same core cyber security concerns as other businesses.” In particular, Kays pointed out, the rise in infostealer malware that has resulted in credential theft on an industrial scale.
Key Findings From The FTSE 100 For Sale Report
I would heartily recommend that every board member, every executive, every employee, and not only those in FTSE 100 companies, read the full report. Read it, absorb what it says, and heed the warnings it presents. The key takeaways, however, can be summarized as follows:
- 15 FTSE companies have more than 10,000 instances of stolen credentials available online.
- One company has over 45,000 instances.
- 8,000 instances of corporate credentials from FTSE 100 businesses were leaked via infostealer logs.
- 59% of FTSE 100 companies have at least one employee using ‘password’ as a password.
Anne Heim, the threat intelligence lead at Socura, reiterated the warnings by telling me that most cybercriminals “won’t waste precious time hacking for credentials when they can easily find or buy them online.” As such, companies should implement multi-factor authentication, use passkeys where available, and monitor for potential threat exposure in new data leaks.
Source: https://www.forbes.com/sites/daveywinder/2025/11/18/ftse-100-credentials-stolen-nearly-half-a-million-now-for-sale/
