The banking sector accounts for nearly a quarter of all exposed employee IDs and passwords at FTSE 100 companies, according to analysis from cyber security firm Anomali.
With the Equifax and Deloitte hacks fresh in the memory, Anomali scoured the dark web and hacker forums, finding 16,583 credential exposures related to FTSE 100 firms, up from just 5275 a year before.
More than three quarters of all 100 FTSE members were exposed, with an average of 218 usernames and password stolen, published or sold per company.
The banking sector was hardest hit, accounting for 23% of the total exposed credentials, ahead of the energy, oil and gas, and consumer goods sectors.
Colby DeRodeff, co-founder, Anomali, says: "Security issues are exacerbated by employees using their work credentials for less secure non-work purposes. Employees should be reminded of the dangers of logging into non-corporate websites with work email addresses and passwords."
Anomali also found 438 suspicious domain registrations linked to FTSE 100 members, with 82 firms having at least one. Again, the banking sector is the top target, with 83 registrations, more than double the next industry, energy.
"Monitoring domain registrations is a critical practice for businesses to understand how they might be targeted and by whom. A threat intelligence platform can aid companies with identifying what other domains the registrant might have created and all the IPs associated with each domain," says DeRodeff.