2022 Mobile World Congress Exclusive: Telcos & Digital Identity Cyber Risks

iStock 1300138249 1 scaled

Ahead of the 2022 Mobile World Congress, Constella Intelligence conducted additional research and developed new findings by analyzing the breaches, exposures, and leakages of corporate credentials from employees and executives at the top twenty Telco companies on the Fortune Global 500 list. This new report, which features data analyzed from January 2018 through September 2021, offers a direct focus on the digital vulnerabilities that Telco companies have faced in recent years, and provides a foreshadowing of what to expect in the years to come.

Our research identified a total of 4,873 breaches and leakages and 5,561,409 exposed records tied to employee corporate credentials from the companies analyzed. These significant numbers highlight the impact that the COVID-19 pandemic has had on company workforces and growing risks of cyber threats across the world.

Constella’s Mobile World Congress 2022 Exclusive Report: Telcos & Digital Identity Cyber Risks, specifically focuses on the digital risks faced by Telco companies across the globe. These digital risks come from human-, technology-, and data-centric vulnerabilities that threat actors exploit in order to gather sensitive information and launch large-scale attacks against Telco companies and their customers. The report shares statistics and information on the corporate credentials that make up the exposed records and data breaches that have become so prevalent in today’s largely internet-dependent world.

As a company focused on digital risk protection, cyber intelligence, and cybersecurity, working to analyze cyber crime across the surface, deep, and dark webs, we recognize the significance of these increasing numbers. Threat actors are continuing to exploit companies’ employees and executives through data breaches and data harvesting, spotting their vulnerabilities and attacking companies where they are weakest. This report details the continuous digital threats Telco companies are experiencing and reviews the statistics of corporate credential exposures and leakages.

Key Telco Exposures Report Findings Include:

  • Constella found over 5.6M exposed records from 4.9K breaches and leakages pertaining to corporate credentials since 2018 across the world’s largest Telco companies. The number of exposed records skyrocketed in 2021, accounting for 57% of the 5.6M exposed records.
  • Exposure of Telco executives and their personal information is widespread – 43% of Telco executives have had their corporate credentials exposed in a breach or leakage since 2018.
  • Telco employees are likely incurring risk by using corporate credentials on non-essential sites like gaming, social media, and others. 13% of breaches occurred on third-party domains classified as “gaming” and 4% on social media sites.
  • Over ⅔ (67%) of the breaches and leakages identified include personally identifiable information, and diverse attributes. Sensitive information, such as passwords and names, are common attributes among the exposed records.

What Can Be Done to Protect Employees and Companies?

It is imperative to ensure that proper security and password protocols are adhered to by all employees, no matter where the employees are working from. Threat actors aim to take advantage of the risks brought on by new hybrid and remote work models introduced to the workforce due to the COVID-19 pandemic.

The more websites a corporate email address is used on, the more likely it is that an employee’s information could be exposed. Cautious usage of corporate credentials can make a difference in limiting attack vectors that raise vulnerabilities for employees and their corporate networks.

Additionally, companies must be diligent in safeguarding individuals that hold privileged access to corporate networks and critical infrastructure. Changing passwords frequently, not reusing passwords, limiting sharing of personal information on public social platforms, applying customized privacy settings, and using multi-factor authentication are just a few ways employees can protect their data. In addition, companies and their leadership should make it a priority to develop proactive, continuous monitoring programs to remain vigilant of exposed sensitive information and personal data circulating on the social, surface, deep, and dark web that can enable a broad range of cyber risks.


Learn More About Your Organization’s Risk Exposure

Executives and key employees like privileged IT personnel and HR are the new attack vector for cybercriminals as they have top-tier access to sensitive information which can lead to credential theft, account takeover, and a ransomware attack. Surprisingly, most organizations do not recognize a need for employee protection – until it’s too late. Constella Employee Protection helps organizations rapidly identify and remediate threats targeting 1000s of key employees at scale with real-time monitoring, and automated early warning alerts when credentials have been exposed.

Read the full ‘2022 Mobile World Congress Exclusive: Telcos & Digital Identity Cyber Risks‘ report to learn more.

Press Announcement

Try our Exposure Risk Tool to see if you, your company, or your employees have been exposed – FREE.

Jonathan Nelson headshot e1646667482187

Jonathan Nelson

Digital Intelligence Specialist