Find notable cyber news and cases, enriched with sources, timelines, and signals.

FTSE 100 company employee credentials leak

Data Leak
First reported
Last updated
Happening score
H score 43
1 unique sources, 1 articles

Summary

Hide ▲

A leak of 460,000 compromised credentials tied to FTSE 100 company employees has surfaced on clear and dark web criminal channels, raising account-takeover and breach risk across the UK’s largest firms. The exposure includes as many as 45,000 leaked credentials at a single company and more than 10,000 each at 15 companies, with financial services (70,000+) especially affected. Researchers also found 28,000 corporate credentials in stealer logs, suggesting the true exposure may be larger because additional stolen credentials can remain unseen, sold, or actively used.

Related Happenings

FortiBleed Fortinet credential-theft campaign

Campaign
H score89 First: 19.06.2026 13:48 Last: 19.06.2026 13:48 Sources 1

About this happening: The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...

Latest development: 22.06.2026 11:30

The UK’s National Cyber Security Centre issued guidance for Fortinet customers impacted by FortiBleed after the campaign exposed around 75,000 credentials from FortiGate firewall and SSL VPN customers. The NCSC urged affected organizations to use Hudson Rock’s or SOCRadar’s FortiBleed checker tools and then review indicators of compromise such as unauthorized account creation and unexpected activity in log files.

FIFA logins traded on dark-web markets

Data Leak
H score46 First: 27.05.2026 14:28 Last: 27.05.2026 14:28 Sources 1

About this happening: Around **2,500 FIFA logins** have surfaced on **dark-web markets**, turning stolen credentials into an active exposure that can fuel account abuse and downstream fraud. The leak i...

UK employees at large firms selling corporate credentials over the past year

Trend
H score72 First: 06.05.2026 11:40 Last: 06.05.2026 11:40 Sources 1

About this happening: **UK employees** at **large firms** are continuing to sell corporate credentials, with a survey finding **13%** admitted doing so or knew someone who had over the **past 12 months...

ShellForce-affiliated leak site publishes stolen identity, corporate, and résumé records

Data Leak
H score29 First: 09.02.2026 23:14 Last: 09.02.2026 23:14 Sources 1

About this happening: A **ShellForce**-affiliated leak site is publicly posting **stolen identity records**, **corporate data**, and **résumé databases**, turning intrusions into immediate exposure ris...

Docker Hub container images leaking secrets across more than 100 organizations

Data Leak
H score35 First: 04.02.2026 17:05 Last: 04.02.2026 17:05 Sources 1

About this happening: Researchers uncovered **more than 10,000 Docker Hub container images** leaking **production API keys, cloud tokens, CI/CD credentials, and AI model access tokens**, putting secret...

Timeline

  1. 18.11.2025 11:45 2 articles · 7mo ago

    FTSE 100 employee credentials exposed on cybercrime sites

    Initial Disclosure

    Socura and Flare monitored clear and dark web cybercrime communities for FTSE 100 company domains and found 460,000 compromised credentials tied to employees at the UK’s largest firms. The findings included as many as 45,000 leaked credentials at a single company, more than 10,000 each at 15 companies, and 70,000+ credentials affecting financial services, while 28,000 corporate credentials were also identified in stealer logs and additional passwords appeared on sites like Doxbin. The researchers warned that visible leaks likely understate the true exposure because stolen credentials can remain unsold, be actively used, or move through unknown channels.

    Show sources