• Home / News / ‘FTSE 100 for Sale’: Socura Report Reveals Widespread Credential Theft Across UK’s Top Firms

‘FTSE 100 for Sale’: Socura Report Reveals Widespread Credential Theft Across UK’s Top Firms

19 November, 2025

  • News

‘FTSE 100 for Sale’: Socura Report Reveals Widespread Credential Theft Across UK’s Top Firms

UK cybersecurity provider and member of FinTech Wales Socura, in collaboration with threat exposure management platform Flare, has published a new report uncovering the scale of credential theft across the UK’s largest businesses. Titled ‘FTSE 100 for sale’, the report reveals over 460,000 instances of stolen employee credentials connected to FTSE 100 companies, highlighting a growing risk for UK enterprises.

The findings stem from an extensive analysis of cybercrime communities across both the clear and dark web. Socura and Flare’s researchers leveraged the Flare Threat Exposure Management platform to scan domains of every FTSE 100 company, revealing active credential leaks and cybercriminal activity.

“The FTSE 100 includes some of the largest and most trusted brands in the UK,” said Andrew Kays, CEO at Socura. “Yet our analysis shows that these companies struggle with the same core cybersecurity concerns as other businesses.”

Key Findings:

  • Over 460,000 instances of stolen credentials linked to FTSE 100 employees
  • One company alone had more than 45,000 instances of leaked credentials
  • 28,000 corporate credentials were exposed through infostealer malware
  • 59% of FTSE 100 companies had at least one employee using ‘password’ as a password
  • 15 companies had over 10,000 credentials exposed online
  • Evidence of a potential death threat made against a FTSE 100 CEO

These credentials, often gathered via infostealer malware and weak password practices, are regularly traded on underground forums. Once in the hands of technically skilled cybercriminals, they are used to gain system access and deploy ransomware.

“Cybercriminals are opportunists,” said Anne Heim, Threat Intelligence Lead at Socura. “Most won’t waste precious time hacking for credentials when they can easily find or buy them online.”

The report underscores the urgent need for businesses, regardless of size, to adopt robust cybersecurity practices, including multi-factor authentication, strong password policies, and real-time monitoring for leaked data.

“There’s no doubt anymore that identity is the new perimeter,” said Andrew Bartlam, VP of Channel & Global Alliances at Flare. “With the industry’s most comprehensive collection of dark web and cybercrime data, Flare detects and helps nullify threats the moment they surface.”

Recommendations for Businesses:

  • Enforce NCSC-aligned strong password policies
  • Implement phishing-resistant multi-factor authentication
  • Apply conditional access policies to manage access based on risk
  • Monitor for leaked credentials and reset compromised accounts immediately
  • Establish clear Bring Your Own Device (BYOD) policies
  • Deploy robust detection systems for suspicious login behaviour

The full report, including actionable insights and detailed threat intelligence, is available for download here. It provides an urgent wake-up call for organisations to evaluate their own exposure and take proactive steps to strengthen their cyber resilience.