2 min

The login credentials of 25 percent of the 500 largest US organizations are for sale on the dark web, according to researchers from BitSight Technologies.

Single sign-on (SSO) credentials allow users to log into multiple applications and websites with a single identity. A single identity reduces the risk of phishing and data loss. Hence, SSO authentication is increasingly popular among organizations.

On the flip side, losing a single set of SSO credentials can cause massive damage. Like passwords and usernames, the credentials allow cybercriminals to access corporate systems. In March, a data breach at Okta caused data breaches for multiple companies using the organization’s SSO services.

BitSight Technologies recently investigated the trade of SSO credentials on the dark web. According to the security company, the SSO credentials of 25 percent of the 500 largest US organizations are up for sale. 1,500 SSO credentials entered the market in June and July alone.

BitSight emphasized the scale of the problem. The affected companies have a combined market value of €11 trillion. The victims operate in a variety of sectors, from ICT and manufacturing to finance and retail.


The researchers described a number of ways to prevent SSO credential theft. Phishing is one of the most popular attack methods. Even organizations with two-factor authentification are at risk. Hence, BitSight recommends implementing a multi-step authentication system that factors in user locations, time zones and behaviour.

In addition, BitSight recommends restricting access to critical systems with zero-trust policies. When accounts are exclusively authorized for necessary systems, attackers have fewer ways of moving across a network.

Finally, BitSight urges organizations to monitor the cybersecurity of vendors. Attacks on suppliers can provide access to customer environments, also known as supply chain attacks. Prevention starts with screening the cybersecurity of new and existing suppliers, the researchers indicated.

Tip: AWS anchors security even more firmly in cloud infrastructure