A cybersecurity company by the name RepKnight, which provides real-time data detection and dark web monitoring services worldwide, has uncovered a massive data breach involving hundreds of thousands of stolen corporate login credentials.
According to the report, more than 600,000 company emails from prominent architecture, construction and property firms in the United Kingdom are being sold by vendors on the dark web.
Cybersecurity firm RepKnight used its darknet monitoring tool to uncover hundreds of thousands of corporate logins for sale on the dark web.
This is one among many cases that RepKnight has brought to light to many organizations.
Earlier this year, the security firm found that over 600,000 university email addresses associated with the domains of Oxford and Cambridge had been compromised and leaked on the dark web.
RepKnight is able to identify stolen user credentials with the help of the company’s dark web monitoring tool, BreachAlert.
The service alerts companies to security breaches beforehand to take control measures and avoid the catastrophe that would hit them if the credentials fell into the wrong hands.
For the current case involving top U.K. service firms, according to RepKnight’s report on the breach, more than 450,000 of the compromised email logins were said to belong to a leading construction company in the U.K.
Another 110,000 were credentials belonging to different leading U.K. architecture firms.
In addition, over 47,000 login credentials were seen to belong to property development firms.
Possible Threat Posed by the Breach
After the cybersecurity firm identified the data breach which resulted to the credentials being listed for sale on the dark web, they highlighted a list of possible outcomes expected if the data of the effected construction and architecture firms got into the hands of black hat hackers.
According to RepKnight, the compromised credentials could be a recipe used by cybercriminals to gain unauthorized access, thus putting other sensitive information belonging to the company at jeopardy.
It would include financial documents, major company proposals and plans, as well as vital client data which would damage the company’s reputation.
Another possible highlighted threat posed by the compromised data is the fact that the cybercriminals can use the hacked credentials against public information such as LinkedIn personal profiles in order to identify the desired target in an organization.
According to Patrick Martin, a cybersecurity analyst at RepKnight, with the vast growth of online information that is shared by many construction project lifecycles, there are high chances of a data breach hitting their systems.
He urged the firms to have a sharp eye on their data at all times in order to protect their customers’ credentials from black hat hackers who are ever devising new ways to steal more data.
According to Martin, since most of the firms’ sensitive data is stored away from their firewall, it is no longer safe to keep a close eye at their systems alone due to the extended supply chain of their businesses.
Security Measures Recommended
Due to the high risk posed by hackers to construction and architecture companies around the world, there are several security measures needed to ensure no cybercriminal is allowed access to sensitive client data that may compromise their public security.
The most significant measure that these companies need to take is by ensuring that the login credentials to their core systems are held by trustworthy staff who are reviewed regularly to reduce the possibility of breaches.
This is one of the major mistakes that the companies are making, oblivious of the danger lurking in it.
Security experts are advising firms that are making use of an online platform to advertise their services to familiarize themselves with the dark web and its markets regularly.
It will assist them to get to know if any of their products or data have been stolen and listed for sale by cybercriminals.
Once alerted, these companies can put in place measures to counter such threats.