Skip to content

Are your employees’ credentials for sale on the dark web?

We put together this blog to guide businesses in exploring why it’s important to know and how to find out.

You may or may not be aware of the criminal underbelly of the internet known as the dark web and its potential security risks to your organization.

One of the fastest paths to a hacker’s payday is leveraging user sign-on credentials to enter a network or application and then methodically navigate toward theft of crown jewel assets (or deployment of a crippling ransomware payload).

Their malicious activity is difficult to detect because it looks like the normal day-to-day operations of employees at work.

Now, good citizens, guess where sign-on credentials are bought and sold by cyber criminals?

Yes, the dark web! If you have employee sign-on credentials that have been exposed to threat actors—you can be certain your business is now vulnerable to an attack.

When it comes to good security, many businesses don’t recognize their employees as one of their most significant security risks.

You’ve probably heard the stories of cyber criminals dumping thumb drives loaded with malicious hacker code in employee parking lots waiting for someone to pick one up and plug into a work laptop?

Pretty clever, right? Unfortunately, research studies have found that upwards of 60% of people who find a thumb drive will do just that—potentially establishing a hacker’s beachhead within the network with little to no effort.

That’s where we are right now with security. Collectively, we know we should be doing more, but it never seems to become a priority—until a security event happens, at which point it is too late.

So, are your employees’ user credentials for sale on the dark web?

A critical step in understanding your overall security posture is conducting a risk assessment for identification of unknown security vulnerabilities and defensive gaps.

As part of this effort, a dark web scan can help further identify risk exposure and act as an early warning to cyber risks lurking in the shadows.


Running a dark web scan against your email domain can provide illuminating results.

  • One organization’s email domain uncovered 30 compromised emails, including the business owner's login credentials for his bank account
  • Instances of several hundred to thousands of compromised emails have been found

The results of a dark web scan will uncover employees who may have used their business email for non-business reasons and had their credentials compromised, bringing unnecessary risk to your organization.

This is why business email addresses should never be used for non-business-related activities, and separate passwords should be used for each site or application you use.

A dark web scan will report on exposed users, and allows for set up of ongoing monitoring, so when the time comes that an employee’s credentials get exposed in the future, you can be notified and take appropriate remediation measures.

The dark web is a lot to take in, but we are here to help! To learn more, download and review our “Dark Web Scanning: Understanding the Why and the How” e-book. We break down what the dark web is and the threats to your business that might be hidden there. We explain the process and value of running a dark web scan for identification of threats, and how it informs prioritization of remediation measures to better protect your business.

Even better, run a free a dark web scan on one of your domains today. Imagine the shock and surprise if you found your employees’ access information available for sale on the dark web. Whether you’re a large enterprise or small to mid-sized business—be sure you aren’t a target for the dark web!