Construction firms at risk after half a million login credentials found on dark web

More than 600,000 breached company email credentials from the UK’s leading construction, architecture and property firms are readily available to criminals on the dark web, cybersecurity firm RepKnight has found.

The credentials were found using RepKnight’s dark web monitoring tool BreachAlert, as part of the company’s campaign to raise awareness of the dangers of the dark web among enterprises. Over 450,000 of the breached credentials were from the UK’s leading construction firms. 110,000 were linked to top UK architecture firms and just over 47,000 were associated with property developer firms.

RepKnight say that the breached credentials could be used by cybercriminals to gain unauthorised access to a host of sensitive corporate information, including tenders, proposals, plans, drawings and client data, which could severely damage a business.

Cybercriminals can also research the compromised credentials against public information such as LinkedIn profiles, to identify strategic targets within an organisation. Then, accessing the target’s email without having to change passwords or raise suspicion enables cybercriminals to redirect (exfiltrate) internal and external emails to an account under their control. For example, RepKnight recently assisted a large client who had over 5,000 emails re-directed to an unauthorised person in a five-day period.

Patrick Martin, cybersecurity analyst at RepKnight, said: “With the growth in digital information sharing across the construction project lifecycle, the possibility of a data breach occurring at some stage becomes ever more real. Because of this, these firms must ensure that they have ‘high visibility’ of their data at all times and have safety measures in place to protect it, especially because most of their sensitive data often lives outside the firewall. Monitoring for cyber-attacks or data breaches inside their corporate network is no longer enough, as it is possible that a breach can happen anywhere across the entire supply chain of your business.

“As such, dark web monitoring technology is crucial to dealing with the threat of data breaches, giving firms the ability to monitor millions of dark web pages and associated dump sites and acting as a ‘burglar alarm’ for their data.”

If you would like to contact Andy Walker about this, or any other story, please email