
Exclusive: The Top 10 Companies Facing Risks on the Dark Web

Hacking forums remain the main place where hackers trade information, techniques, malicious code, tools and newly compromised assets.

In recent years, we have seen a growing number of mentions of leaked domains on the deep and dark web. Cybercriminals mostly target popular online brands, offering everything from log sessions or user credentials to phishing kits and botnet cloud services. All of these are used to breach online domains.

The threat actors are building their reputation, but most importantly, they can trade this information for anywhere from a few dollars to thousands of dollars per item. The risk is high, as each account or backdoor can eventually serve as a channel to a bigger breach.

In this post we will reveal the top 10 organizations whose assets were traded and discussed in the deep and dark web over the past six months.

The list is long and includes thousands of compromised organizations, including private companies, Fortune 100 companies and websites.

The most commonly compromised entity is the account. It is usually traded together with login credentials or cookies for a few dozen dollars per item. Once it is sold or leaked, more sophisticated hackers can use it to breach highly confidential or sensitive information, or to perform spear phishing (an email or electronic communications scam) targeted against other servers in the organization.

To determine which companies are at greater risk of a breach or a cyber attack, we searched for the top 10 domains that were compromised over the last 6 months.

In the list below you can find the top 10 domains at risk:

| Company | Domain | No. of Mentions | Service Type | Potential Risk |
|---|---|---|---|---|
| Google | accounts.google.com | 24,928 | Social Service | Phishing, doxing, blackmailing, financial assets at risk, business compromised |
| Instagram | instagram.com | 20,107 | Social Service | Phishing, doxing, blackmailing, financial assets at risk, business compromised |
| YouTube | youtube.com | 19,892 | Social Service | Phishing, doxing, blackmailing, financial assets at risk, business compromised |
| Twitter | twitter.com | 16,321 | Social Service | Phishing, doxing, blackmailing, financial assets at risk, business compromised |
| Facebook | facebook.com | 14,158 | Social Service | Phishing, doxing, blackmailing, financial assets at risk, business compromised |
| Debrid-Link | debrid-link.com | 13,169 | File Hosting | Sensitive documents at risk, financial risk |
| Virus Total | virustotal.com | 11,648 | Antivirus Service | A part of phishing process |
| Microsoft | login.live.com | 11,218 | Email Service | Sensitive documents at risk, financial risk, business compromised |
| Discord | discord.gg | 8,730 | Social Service | Phishing, doxing, blackmailing, financial assets at risk, business compromised |
| Sellix | sellix.io | 8,518 | Online Retail | Phishing, financial risk |

Most of the top compromised domains are either social accounts or content-service based (file hosting, mail service and others). In most cases, compromising such an account is the first step a hacker takes to gain access to highly sensitive information, through a phishing attack, account takeover (ATO), a ransomware attack and other methods.

The following is an example from Russian Market (stealer logs section):

An example of a compromised domain from Russian Market

Most of these accounts are associated with enterprises and organizations, so a compromised domain affects not only individuals but also businesses.

Below is an example from Webz.io’s repository showing how a compromised domain is traded on BHF.IO, a hacking forum that offers leaked assets and malicious cyber services.

An example of how a compromised domain is being traded in BHF.IO, a hacking forum that offers leaked assets and malicious cyber services

Using Webz.io, companies can regularly monitor the deep and dark web to trace emerging cyber threats and take action to mitigate financial and reputational risks in real time.
