221 of the Fortune 500 companies have leaked employees’ credentials online according to research from Recorded Future.

Leaked credentials can be found on websites such as Pastebin, which is a popular choice for hackers looking for somewhere to dump usernames and passwords they’ve acquired.

Researchers at Recorded Future scanned roughly 600,000 websites for leaked credentials posted between January 1 and October 8, 2014. When the findings were analyzed, it was discovered that there was at least one username and password combination from 44% of the Fortune 500 companies.

These leaked credentials could mean trouble for the companies as they could now be open to cyber attacks, email phishing and social engineering attacks.

It is common for cyber criminals to take leaked credentials from one breach and use them to gain access to another site. This means that the leaked details at the Fortune 500 companies could well have been stolen in cyber attacks on third parties where users have used their corporate email addresses and passwords to sign up. Let’s hope for these organizations’ sakes that their staff don’t have the bad habit of reusing passwords.

The report doesn’t provide the names of affected companies or individuals, nor has Recorded Future notified any of the companies yet. Recorded Futures said the goal of their research was to show that big companies are not immune to huge password leaks.

Subscribe to our hacks and breaches updates

[email-subscribers namefield=”YES” desc=”” group=”databreachupdates”]