Shocking Cybersecurity Breach: Thousands of Top Security Vendors’ Credentials Leaked on Dark Web – Are You at Risk?
- Tech Brief
- Jan 27

In January 2025, threat intelligence firm Cyble reported the discovery of thousands of leaked account credentials belonging to at least 14 major cybersecurity vendors on the dark web. These credentials, leaked since the start of the year, were primarily harvested from infostealer malware logs and subsequently sold on cybercrime marketplaces for as little as $10. The exposed data encompasses both internal accounts and customer access across various web and cloud environments, indicating potential compromises of both security vendors and their clients.
(Source: Cyble)
The affected vendors include prominent names such as CrowdStrike, Palo Alto Networks, Fortinet, Zscaler, SentinelOne, RSA Security, Exabeam, and LogRhythm. The leaked credentials pertain to critical internal systems like Okta, Jira, GitHub, AWS, Microsoft Online, Salesforce, SolarWinds, Box, WordPress, Oracle, and Zoom. While Cyble did not verify the validity of these credentials, many are associated with easily accessible web console interfaces, single sign-on (SSO) logins, and other web-facing account access points.
(Source: Cyble)
The proliferation of infostealer malware has significantly contributed to the surge in stolen credentials. These malware variants are designed to extract sensitive information, including login details and financial data, from infected systems. The stolen data is often sold in bulk on dark web marketplaces, making it accessible to a wide range of threat actors.
(Source: Forbes)
This incident underscores the critical importance of implementing robust cybersecurity measures, such as multifactor authentication (MFA), zero trust architectures, and comprehensive dark web monitoring. Even organizations specializing in security are not immune to such breaches, highlighting the need for continuous vigilance and proactive defense strategies to mitigate potential cyber threats.
(Source: Cyble)
Sources
1. "Major Cybersecurity Vendors' Credentials Found on Dark Web" – Infosecurity Magazine
This article reports on Cyble's discovery of thousands of account credentials belonging to major cybersecurity vendors available on the dark web. The credentials, leaked since the start of 2025, likely originated from infostealer logs and were sold in bulk on cybercrime marketplaces. The exposed data includes internal accounts and customer access across various web and cloud environments, suggesting potential compromises of both security vendors and their clients.
2. "Cyble Finds Thousands of Security Vendor Credentials on Dark Web" – Cyble Blog
Cyble's official blog provides an in-depth analysis of the leaked credentials, identifying at least 14 major cybersecurity vendors affected. The credentials pertain to critical internal systems such as Okta, Jira, GitHub, AWS, Microsoft Online, Salesforce, SolarWinds, Box, WordPress, Oracle, and Zoom. While the validity of these credentials was not tested, their exposure underscores the importance of dark web monitoring as an early warning system to prevent larger cyberattacks.
3. "Account Credentials for Security Vendors Found on Dark Web" – The Cyber Express
This article highlights Cyble's findings of leaked credentials from 14 cybersecurity vendors on the dark web. The credentials, leaked since the start of 2025, include access to sensitive internal systems and customer interfaces. The report emphasizes the need for organizations to implement robust cybersecurity measures, including multifactor authentication and dark web monitoring, to mitigate potential threats arising from such exposures.
4. "New Security Alert—1 Billion Passwords Stolen By Malware, Act Now" – Forbes
Forbes reports on a broader security alert concerning over 1 billion passwords stolen by malware. The article discusses the rise of infostealer malware designed to collect passwords and cookies from users' browsers. These stolen credentials are often sold on the dark web, posing significant risks to both individuals and organizations. The report underscores the importance of implementing robust cybersecurity measures to protect against such threats.
These articles collectively highlight the pervasive threat posed by infostealer malware and the critical importance of proactive cybersecurity measures to protect sensitive information from being compromised and sold on the dark web.