
20,000 employees’ data leaked: Are you one?

* UAE tops list in Middle East for most employee data leaks

* 20,000 GCC employees’ credentials have been leaked online

* Globally, 5.5 million employees have become victims of breaches

* LinkedIn accounted for 30 per cent of the total leaks


You could be among the 20,000 GCC employees whose credentials have been leaked online. Yes, a new study has found that credentials for more than 5.5 million employees of the world’s largest companies have been compromised, with many of them from third-party breaches.


Cyber security firm Digital Shadows analyzed the largest 1,000 companies listed on the Forbes Global 2000. Its Compromised Credentials research paper shows that 97 per cent of those companies, spanning all business sectors and geographical regions, had leaked credentials publicly available online.



In the Middle East, the UAE topped the list with more than 15,000 leaked credentials, followed by 3,360 from Saudi Arabia. In Kuwait, personal details of 203 employees were exposed online, while there were 99 breaches in Qatar.


Shockingly, the technology industry was the biggest victim of the breaches in the region. Financial services, oil & gas and chemicals had also come under threat.




Social media pitfalls

The study suggests that most of the breaches stemmed from social media platforms. LinkedIn accounted for 30 per cent of the total leaks while MySpace and Tumblr were responsible for 21 per cent and 8 per cent of the total credentials respectively.


“The world used to be about your perimeters and your network. Recently there have been shifts as a result of social media, cloud and mobile. Which means that quite often, when information is getting online, it’s not from the company; it’s from a third party like a contractor somewhere in the company’s supply chain,” says Chris Brown, Digital Shadows VP EMEA and APJ.


“Compromised credentials hold significant value for cybercriminals as the information can be used for botnet spam lists, extortion attempts, spear-phishing and account takeover,” warns Brown.


Internet and social media penetration has been on the rise in the region, but it has been coupled with mounting security worries.




Earlier this year, a study by Northwestern University in Qatar, in partnership with Doha Film Institute, revealed that users are shunning Facebook and Twitter because of growing concerns about online privacy. They prefer direct messaging apps over the social networking platforms.


So what’s the solution?

Will merely resetting passwords help? Digital Shadows says it will not.


“Password resets can cause a lot of friction for organizations and so it’s necessary for IT departments to first figure out whether the information stolen from a breach is unique, re-posted, or outdated information.”


“10 per cent of the 5 million leaked credentials in the report were actually duplicates which can cause even more confusion for an organisation that has suffered a breach.”


“In order for organisations to prepare themselves for the inevitable data breach they need to first understand the impact of a breach and what they can do to prepare their employees and business for credential compromise,” argues Brown.