OSINT

Colonial and the price of leaked credentials

Jonathan A

2 min read
Colonial and the price of leaked credentials

What is the price of leaked credentials?

Lessons from the Colonial Pipe ransomware attack


On May 7th, 2021, a leaked set of credentials from the Colonial Pipeline resulted in a 4,4 million US dollars ransom pay-out to the Russian-speaking ransomware group known as DarkSide. On top of the ransom, the group stole 100 gigabytes of sensitive data.

Colonial Pipeline is one of the largest and oldest pipeline operators in the United States. Transporting roughly 2.5 million barrels of fuel daily the Colonial Pipeline provides roughly 45 percent of the East Coast's fuel, including gasoline, diesel, home heating oil, jet fuel, and military supplies. It took 5 whole days for the company to resume operations and the downtime resulted in increased fuel prices, political tension, panic buying and general public unrest.

When a company the size of the Colonial Pipeline is impacted so greatly by a cyberattack, the first things that come to mind are state-backed hacking groups, zero days and advanced supply-chain attacks. However, none of these were responsible for the incident that ended up costing the Colonial Pipeline 4,4 million USD in bitcoin. Instead, the breach could be traced back to a leaked VPN account. Bloomberg writes that “The VPN account, which has since been deactivated, didn’t use multifactor authentication […] allowing the hackers to breach Colonial’s network using just a compromised username and password.”
The case of the Colonial Pipeline attack is just the latest in a rapidly growing list of cases where hackers successfully exploit trivial cyber defence oversights such as leaked or weak credentials to breach massive multinational firms. The tendency underscores how important it is for organizations to uncover the sensitive information it has leaked on the internet, and this is webscout’s purpose and strength.


When you launch the webscout, it searches darkweb hacking forums, breach databases such as ‘have I been pwned?’, file sharing services such as pastebin and other less known sites for leaked credentials associated with your organization. The overview of leaked credentials created by webscout allows you to react before the hackers, effectively preventing your organization from becoming the next ransomware victim.

If you have more questions regarding how webscout can secure you from ransomware attacks, please contact [email protected]