Hundreds of network operators’ credentials found on the Dark Web

After conducting an in-depth scan of the Dark Web, Resecurity found that information of 1,572 compromised customers of different Regional Internet registries’ (RIRs) – RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC).

Examining the responses from victims, Resecurity observed various levels of awareness and actions taken:

• 45% were unaware of the compromised credentials but acknowledged successful password changes and the implementation of two-factor authentication (2FA).
• 16% were already aware of the compromised credentials due to malware infections, prompting necessary password changes and the activation of 2FA.
• 14% were aware of the compromised credentials but implemented 2FA only after receiving notifications.
• 20% recognized the need for deeper investigation into the incident, indicating a lack of clarity on when and how the compromise occurred and which other credentials might have been exposed.
• 5% could not provide feedback or identify a relevant point of contact for addressing the issue.

The findings emphasise the importance of maintaining robust security measures and conducting continuous monitoring to safeguard these digital gateways and prevent unauthorised access to networks.

Why does it matter?

This data highlights that network engineering and IT infrastructure management staff are high-value targets for cybercriminals. Additionally, new telecom technologies such as 5G are more vulnerable to cyberattacks since their core technologies are software-designed.

With growing cyberattacks, there is a need to safeguard the digital identity of staff involved in network engineering and IT infrastructure management.