AntiMalwareJuly 15, 2026🇷🇺Translated from Russian

Over 600 Leaked Corporate Accounts Found Per Major Russian Company, with Half Exposing Plaintext Passwords

Average figures from a new study show that more than 600 leaked corporate accounts are associated with each major Russian company, with over half of the credentials appearing on the internet together with plaintext passwords.

Experts from GK Solar and its Solar AURA platform analyzed data linked to the ten largest organizations listed in the RBC500 ranking. They processed almost 19,300 lines containing corporate domains and discovered 6,194 unique accounts, of which 3,739 included passwords in clear text.

Importantly, only 4 % of the exposed credentials showed signs of a direct breach of the companies’ own infrastructure. In the overwhelming majority of cases, employees themselves had used their corporate email addresses — and often the same passwords — on external websites such as marketplaces, forums, training platforms, and SaaS applications.

Once these external services suffer leaks, attackers can simply test the stolen login-password pairs against corporate systems. Short, numeric, or reused passwords make automated credential-stuffing, phishing, support-desk attacks, and password-reset abuse especially effective.

In addition to the corporate accounts, analysts found more than 12,600 records containing employees’ personal data. Even without passwords, such information enables attackers to craft convincing phishing emails and phone calls by referencing real names, job titles, and employers.

Solar AURA researchers advise organizations to implement continuous monitoring of data leaks, enforce multi-factor authentication across all services, and promptly block or force password resets for any compromised accounts.