Finjan, a computer security company, uncovered a system of online commercialization of over 8,700 stolen FTP credentials belonging to renowned organizations and enterprises, including user names and passwords. Most of the companies are listed in Forbes 500, but Finjan representatives refused to give the list of companies whose data has been compromised.

According to the Malicious Page of the Month report, the credentials were available for anyone to purchase, which would further allow hackers to break into the systems and compromise the servers of companies around the world, including over 2,500 North American organizations, said Yuval Ben-Itzhak, chief technology officer for Finjan.

Companies that have been compromised became vulnerable to imminent attacks, and still are if they didn’t take measures. The report says at least 10 of the top 100 most popular websites have been compromised, without giving specific names of course. Companies that believe could have suffered a security breach of this kind were asked to contact Finjan representatives immediately.

Cyber-crime became a phenomenon in the recent period, and it grows to unimaginable levels every year. In this case in particular, a special market for those ‘special’ buyers has been set, and thousands of companies have been just a click away from a cyber-attack. Anyone could have purchased the stolen credentials, including valid usernames and passwords.

This was a business that eased the works of hackers and could have, if they haven’t already, given companies quite a headache. The stolen File Transfer Protocol (FTP) credentials might have been obtained through Trojans, according to Yuval Ben-Itzhak, and the largest number of companies came from the United States and Russia.

"Software-as-a-Service has been evolving for sometime, but until now, it has been applied only to legitimate applications," said Ben-Itzhak in a written statement. "With this new trading application, cybercriminals have an instant solution to their problem of gaining access to FTP credentials and thus infecting both the legitimate Web sites and its unsuspecting visitors. All of this can be easily achieved with just one push of a button."