Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

Single sign-on (SSO) credentials are considered “the keys to the kingdom” by cybersecurity professionals. Employees access many applications by logging in once with these credentials, and they’re the last thing an organization wants stolen or for sale on the dark web. If malicious actors obtain your organization’s SSO credentials, they could access your systems and data like a trusted insider, including payroll, contracts, intellectual property, and more.

In short, a malicious actor can inflict significant damage upon an organization by obtaining its SSO credentials. 

Unfortunately, even the world’s largest and most important companies are struggling to secure these critical assets. Scouring the dark web for critical SSO credentials associated with 3,000 publicly traded companies, BitSight found that 25% of the S&P 500 and half of the top 20 most valuable public U.S. companies have had at least one SSO credential for sale on the dark web in 2022.

These affected companies — representing $11 trillion in value — may be at risk, along with their global customer bases.


Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.


Register Now

Technology sector most affected

BitSight also identified the technology sector as being most impacted. This is particularly concerning given recent events — bad actors are increasingly breaching technology companies as a means of breaching broad customer bases.

“Businesses need to be aware of the risks posed by their major IT vendors. As we’ve seen repeatedly, insecure vendor credentials can provide malicious actors with the access they need to target large customer bases at scale. The impact of a single exposed SSO credential could be far reaching,” said BitSight Cofounder and CTO Stephen Boyer.

Image source: BitSight.

Popularized cybersecurity controls are no longer enough — organizations with strong security controls in place are still getting breached. BitSight recommends organizations up their game by deploying more dynamic and robust security measures such as dynamic MFA, universal two-factor authentication (U2F), and a host of other controls such as implementing least privilege and third-party risk management. 

BitSight’s research alerts the global business community to the critical threat of SSO credential theft. The reality is that even with a heightened state of security among public companies, SSO credentials are still being stolen and sold on the dark web at staggering rates.


BitSight analyzed the security posture of three thousand publicly traded companies to understand how the world’s most valuable and best-resourced companies are protecting their critical SSO credentials.

Read the full report from BitSight.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.