Weak password hygiene and password reuse across FTSE 100 firms
Trend
Summary
Hide ▲
Show ▼
A FTSE 100 credential-hygiene snapshot shows 59% of companies still have at least one employee using “password” as a password, raising account-takeover risk across major UK enterprises. The same exposure set includes 460,000 compromised credentials, and password reuse was common across known leaks. Financial services was especially affected with 70,000+ credentials. The trend matters because trivial and reused passwords make stolen credentials easier to replay in later intrusions.
Related Happenings
Microsoft Azure CLI password-spray campaign using ROPC
Campaign
H score24
First: 01.07.2026 08:46
Last: 01.07.2026 08:46
Sources 1
About this happening:
A **massive automated password-spray campaign** against **Microsoft Azure CLI** compromised **at least 78 accounts** across **64 organizations**, expanding access risk across clou...
Microsoft Azure CLI password-spray campaign using ROPC
CampaignAbout this happening: A **massive automated password-spray campaign** against **Microsoft Azure CLI** compromised **at least 78 accounts** across **64 organizations**, expanding access risk across clou...
BEC defensive guidance for exposed-credential and account-misuse risk
Defensive Guidance
H score14
First: 30.06.2026 17:00
Last: 30.06.2026 17:00
Sources 1
About this happening:
**BEC defenders** are being pushed toward tighter **training** and **account-response controls** as operators combine **AI-generated business correspondence**, **call-center press...
BEC defensive guidance for exposed-credential and account-misuse risk
Defensive GuidanceAbout this happening: **BEC defenders** are being pushed toward tighter **training** and **account-response controls** as operators combine **AI-generated business correspondence**, **call-center press...
FortiBleed Fortinet credential-theft campaign
Campaign
H score89
First: 19.06.2026 13:48
Last: 19.06.2026 13:48
Sources 1
About this happening:
The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...
FortiBleed Fortinet credential-theft campaign
CampaignAbout this happening: The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...
Latest development: 22.06.2026 11:30
The UK’s National Cyber Security Centre issued guidance for Fortinet customers impacted by FortiBleed after the campaign exposed around 75,000 credentials from FortiGate firewall and SSL VPN customers. The NCSC urged affected organizations to use Hudson Rock’s or SOCRadar’s FortiBleed checker tools and then review indicators of compromise such as unauthorized account creation and unexpected activity in log files.
CISA FortiBleed mitigation guidance
Advisory/Mitigation
H score67
First: 19.06.2026 09:47
Last: 19.06.2026 09:47
Sources 1
About this happening:
**CISA** issued mitigation guidance for **FortiBleed**, urging operators of **internet-accessible Fortinet devices** to harden exposed **FortiGate** and VPN environments after a *...
CISA FortiBleed mitigation guidance
Advisory/MitigationAbout this happening: **CISA** issued mitigation guidance for **FortiBleed**, urging operators of **internet-accessible Fortinet devices** to harden exposed **FortiGate** and VPN environments after a *...
UK employees at large firms selling corporate credentials over the past year
Trend
H score72
First: 06.05.2026 11:40
Last: 06.05.2026 11:40
Sources 1
About this happening:
**UK employees** at **large firms** are continuing to sell corporate credentials, with a survey finding **13%** admitted doing so or knew someone who had over the **past 12 months...
UK employees at large firms selling corporate credentials over the past year
TrendAbout this happening: **UK employees** at **large firms** are continuing to sell corporate credentials, with a survey finding **13%** admitted doing so or knew someone who had over the **past 12 months...
Timeline
-
18.11.2025 11:45 2 articles · 7mo ago
FTSE 100 credential exposure and weak password hygiene
Initial DisclosureSocura and Flare monitored clear and dark web cybercrime communities for FTSE 100 company domains and identified 460,000 compromised credentials tied to employees at UK’s largest firms. Some companies had as many as 45,000 leaked credentials, 15 companies had more than 10,000 each, and financial services accounted for 70,000+ credentials; the same exposure set also included 28,000 corporate credentials in stealer logs, CXO email addresses and passwords on sites like Doxbin, and widespread weak password hygiene with 59% of FTSE 100 companies having at least one employee using “password” as a password. The findings pointed to infostealer malware and password reuse as major drivers and recommended MFA using passkeys, exposure monitoring, and rapid detection of suspicious logins.
Show sources
- Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites — www.infosecurity-magazine.com — 18.11.2025 11:45
- Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites — www.infosecurity-magazine.com — 18.11.2025 11:45