More than three million employee-linked corporate accounts across Fortune 500 companies were compromised between 2022 and 2024, according to cybersecurity firm Enzoic.

This sharp rise is driven by the widespread use of corporate email addresses for personal accounts and the increasing prevalence of infostealer malware. These threats underscore the urgent need for stronger cybersecurity measures, including continuous credential monitoring and stricter password security protocols.

Enzoic’s analysis found that 1 in 10 Fortune 500 employees had their credentials exposed, with each compromised account appearing in leaks an average of 5.7 times. Certain industries have been hit particularly hard—commercial banks and utilities saw nearly 120,000 exposed accounts in 2024 alone, while the telecommunications sector experienced a fourfold increase in compromised credentials. The growing footprint of internet services and retailing also makes them prime targets for cybercriminals. The surge in credential theft is largely fueled by advanced infostealer malware such as Redline, Raccoon, and Vidar, which extract login details, session cookies, and digital fingerprints.

To mitigate these threats, organizations must take proactive steps to strengthen their security posture. Real-time credential monitoring can help detect compromised accounts before they are exploited, while implementing zero-trust security models can reduce reliance on passwords alone. Additionally, businesses should educate employees on the risks of using corporate email addresses for personal accounts to prevent further exposure. As cybercriminals refine their tactics, companies must prioritize these fundamental security measures to combat the growing risk of account takeovers and data breaches.