October 25, 2017 |

Study Shows 30% of CEOs Have Been “Pwned,” Passwords Exposed

Email exposure study also shows 81% of the world’s top CEOs have had their personal information exposed in spam lists or leaked marketing databases. Buckinghamshire, UK – October 25, 2017: Nearly one in three major CEOs has been “pwned” using their company email address, according to a new F-Secure study of CEO email exposure. In […]

Email exposure study also shows 81% of the world’s top CEOs have had their personal information exposed in spam lists or leaked marketing databases.

Buckinghamshire, UK – October 25, 2017: Nearly one in three major CEOs has been “pwned” using their company email address, according to a new F-Secure study of CEO email exposure. In other words, a service they access using their company email has been hacked and the password they use for that service has leaked. Without proper password practices, this potentially increases their susceptibility to targeted attacks.

The study, CEO Email Exposure: Passwords and Pwnage, delves into known company email addresses used by top executives from more than 200 of the biggest companies in ten countries. Researchers compared those addresses with F-Secure’s database of credentials leaked from breaches of online services. Among other findings:

• The most common previously breached services for CEOs to link their company email with are LinkedIn and Dropbox.
• The countries with the highest percentages of CEOs who’ve linked their email to these breached services are Denmark, at 62%, and the Netherlands, at 43%.
• 81% of CEOs have had their email address and other personal information such as birthdates, addresses, and phone numbers exposed online in the form of spam lists or leaked marketing databases.
• The countries with the greatest level of CEO info exposed on spam and marketing lists are the Netherlands, the UK and the USA, all at 95%.
• Just 18% of CEOs have no leaks associated with their email address.

“This study once again underscores the importance of proper password hygiene,” said Erka Koivunen, Chief Information Security Officer at F-Secure. “The CEO’s credentials may have leaked even when they have done nothing wrong. We can assume that a many of the services we’ve created an account in have already been compromised and the old passwords are out there on the internet, just waiting for targeted, motivated attackers to try them against other services.”

By using poor password habits, a top executive is putting their own accounts at risk – but not only that, company data as well. According to the 2016 Verizon Data Breach Investigations Report, 63% of confirmed data breaches involved weak, default, or stolen passwords.* A breach caused by unauthorized use of a CEO’s credentials would be difficult to spot for most companies, who are ill-prepared to handle breaches, according to data from F-Secure risk management assessments.

Using a unique, strong password for each online account is fundamental to keeping hackers at bay – and experts recommend using a password manager to make it seamless and easy. F-Secure Password Protection, the only available password manager that comes integrated with endpoint security clients, is a brand new component of F-Secure Protection Service for Business. It will be released on November 1.

For more details, password advice from a white hat hacker, and to find out when CEOs should link social accounts with their company email, download the full report, CEO Email Exposure: Passwords and Pwnage.

*Source: 2016 Verizon Data Breach Investigations Report, http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf
More Information
REPORT – CEO Email Exposure: Passwords and Pwnage


About F-Secure
Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecureukteam | facebook.com/f-secure

F-Secure media relations

Geoff Dorrington
PR manager, F-Secure UK & Ireland
E: geoff.dorrington@f-secure.com
T: 01753 376592


Latest Events
Press Archives
Select Year

Latest Press Releases

March 15, 2018

F-Secure’s Aviation Cyber Security Services Takes Off

F-Secure’s new service combines expertise in aviation and cyber security to help aviation companies protect their most critical assets. Buckinghamshire, UK – March 15, 2018: Trust is everything in the aviation industry. And a successful cyber attack – even a minor one against something like an in-flight entertainment system – could undermine confidence in airlines […]

February 28, 2018

F-Secure Introduces Unique Partner-Driven Service to Stop Targeted Cyber Attacks Globally

Channel partners have immense new service opportunities to protect their customers from rising numbers of targeted and fileless attacks with a leading-edge managed endpoint detection and response service. Buckinghamshire, UK – February 28, 2018: Businesses globally are being compromised by an onslaught of targeted and fileless cyber attacks, and industry-leading cyber security vendor F-Secure is […]

February 22, 2018

Incident Detection, Email Attacks Continue to Cause Headaches for Companies

F-Secure’s new Incident Response Report points to email inboxes as the weakest link in security perimeters, and finds that companies struggle with quickly and accurately detecting security incidents. Buckinghamshire, UK – February 22, 2018: Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a new […]

February 14, 2018

F-Secure appoints Beta Distribution as a UK distributor of security solutions for corporate resellers

Buckinghamshire, UK – 14th February 2018: Global cyber security company F-Secure today announces the appointment of Beta Distribution as a UK distributor for corporate resellers. Beta Distribution, Headquartered in London and with offices throughout the UK, is a specialist product, services and solutions IT distributor which serves over 3,000 resellers across the UK, including over […]

%d bloggers like this: