- 4 useful Galaxy S25 Ultra features that creatives and power users will love
- Expanding the Foundation of AI-Native SOCs: Mastering Holistic Data Integration
- This plug-and-play projector made my movie nights cinematic (and it's on sale)
- Samsung likely won't unveil a Galaxy Ring 2 today - but you can look forward to this instead
- Page Not Found | McAfee Blog
Major Cybersecurity Vendors’ Credentials Found on Dark Web
Thousands of account credentials belonging to major cybersecurity vendors on the dark web have been discovered by threat intelligence firm Cyble.
In a January 22 report where Cyble researchers shared their findings, they said they found credentials for at least 14 security providers.
The credentials have been leaked since the start of the year 2025. They were likely pulled from infostealer logs and then sold on cybercrime marketplaces in bulk for as little as $10.
The exposed data range from internal accounts to customer access across web and cloud environments, suggesting that both the security vendors’ customers and staff have been compromised.
The Cyble researchers did not attempt to determine whether any credentials were valid. However, many were related to easily accessible web console interfaces, single sign-on (SSO) logins, and other web-facing account access points.
The researchers assessed that these leaks likely came through potentially critical internal systems such as password managers, authentication systems, device management platforms or common internet services like Okta, GitHub, AWS, Microsoft Online, Salesforce, SolarWinds, Box, WordPress, Oracle and Zoom.
Cyble noted that the accounts linked to the exposed credentials are hopefully protected by other security layers, such as multifactor authentication (MFA).
“However, the leaked credentials underscore the importance of dark web monitoring as an early warning system for keeping such leaks from becoming much bigger cyberattacks,” the researchers added.
The cybersecurity providers affected include:
- CrowdStrike
- Exabeam
- Fortinet
- LogRhythm
- McAfee
- Palo Alto Networks
- Qualys
- Rapid7
- RSA Security
- SentinelOne
- Sophos
- Tenable
- Trend Micro
- Zscaler
Since the start of 2025, McAfee has had more than 600 credentials leaked, CrowdSrtike has had more than 300 exposed and Palo Alto had almost 400 credential exposures, according to Cyble’s findings.
Cyble noted that if the largest security vendors can be hit by info-stokers, so can any organization.
