70% of Major Retailers Have Exposed Credentials, Study Finds
Black Kite finds 70% of major retailers have exposed credentials, with APAC facing 34% of global cyber incidents. Supply chain vulnerabilities threaten brands.
Black Kite's 2026 Wholesale & Retail Report reveals that over 70% of major retailers and nearly 60% of wholesalers have exposed credentials, creating widespread vulnerabilities across interconnected supply chains that put customer data and brand reputation at immediate risk.
The research, analyzing data from over 40 million companies, found that 52% of supply chain organizations show signs of compromised logins. These exposed credentials create multiple entry points for attackers who increasingly target both retail and wholesale sectors simultaneously through shared vendors and business relationships.
Shared Supply Chains Amplify Attack Risks
Rather than treating retail and wholesale as separate markets, Black Kite emphasizes their interconnected nature as a unified attack surface. "The bottom line is that wholesale and retail's greatest risk is their shared supply chain," said Ferhat Dikbiyik, Chief Research & Intelligence Officer at Black Kite. "Just one vulnerability in a common vendor can create systemic impact."
Mission Media
The research identifies Professional & Technical Services (793 companies) and Information sector vendors (705 companies) as dominating retail supply chains, totaling 1,498 organizations. This concentration creates significant risk, with 42% of these critical vendors exposed to at least one vulnerability from the CISA Known Exploited Vulnerabilities Catalog.
Attackers use tools like Stealer Logs and managed file transfer exploits to target both sectors simultaneously, taking advantage of common suppliers and business relationships that span retail and wholesale operations.
Asia Pacific Faces Heightened Vulnerability
The credential exposure crisis carries particular urgency for Asian markets. APAC accounts for 34% of global cyber incidents according to IBM X-Force 2024 data, with 80% of regional breaches involving credential-based system intrusions.
Recent high-profile cases demonstrate the real-world impact. AEON Credit Service in the Philippines, part of Japan's AEON Group retail conglomerate, suffered a breach exposing 15.77 GB of customer financial data. Acer Philippines had employee credentials leaked via a hacktivist campaign on underground forums, highlighting how credential theft creates both immediate security risks and potential supply chain attacks.
Latitude Financial's 2023 breach exposed 14 million APAC customers' data, showcasing the scale of crisis communication challenges organizations face when credentials are compromised. Despite these risks, only 12% of APAC organizations quantify their cyber exposures, leaving most unprepared for potential breaches.
Distinct Ransomware Patterns Emerge
The report identifies different ransomware victim profiles between sectors. In retail, 17% of victims had revenue exceeding $1 billion, indicating attackers pursue "big game hunting" tactics against major brands. Conversely, 39% of wholesale ransomware victims fell in the $20 million to $100 million mid-market range, suggesting attackers play a "volume game" against smaller enterprises.
Black Kite recommends organizations prioritize patching CISA KEV catalog vulnerabilities, particularly those enabling Remote Code Execution, which serve as primary ransomware entry points. Dikbiyik warns that digital transformation in procurement and payments has amplified third-party risks across increasingly connected retail and wholesale environments.
The research underscores how exposed credentials throughout supply chains create cascading risks that can trigger both operational disruptions and significant brand reputation damage across the interconnected retail ecosystem.
Want to stay up-to-date on the stories shaping Asia's media, marketing, and comms industry? Subscribe to Mission Media for exclusive insights, campaign deep-dives, and actionable intel.
