ICYMI: The Fortune 500 Darknet Index

In case you missed it: Last week, we released the first-ever OWL Cybersecurity Darknet Index: Reranking the Fortune 500 using Darknet Intelligence (DARKINT™). Our study assessed each company in the 2017 Fortune 500 list and ranked each company based on data exposed on the darknet.

What we did

To compile the Darknet Index, we ran each member of the 2017 Fortune 500 through our proprietary OWL Vision database and adjusted these results based on computations of “hackishness”— our proprietary algorithmic rating system which scores based on the likelihood that data could be used for nefarious intent and how recently the data was made available, with recent results given the most weight.

To obtain our results, we analyzed data to assess the extent of the presence of each company on the darknet, primarily by company domain(s) and email domain(s). We weighted the results of our calculations by the timeliness of a company's exposed data. For example, recent results (within the last 90 days), were given a heavier weight when factored into a company's Darknet Index score, as recent breaches or data leaks containing an organization’s proprietary information commonly make the company a target.

The Darknet Index scores reflect our algorithm that factors in weights for things like timely relevance (see above), and hackishness, an element created by our analysts and applied in order to score the results based on the likelihood that each company's exposed data could be used for nefarious intent. Duplicate or otherwise irrelevant results were also removed from each final score in order to yield the most accurate overview of a company's true darknet presence.

Scores in this iteration of the Darknet Index range from 0 to nearly 20 (with the highest being 19.16). These scores are on a logarithmic scale, meaning that the darknet footprint of each company increases exponentially with every darknet score point. In fact, every point increase in the score reflects almost triple the profile of a point lower.

Ultimately, each company was assigned a resultant Darknet Index Score that represents the company's exposure on the darknet, and thus associated risk.

What we found

This study revealed that every company on the Fortune 500 is exposed on the darknet. Below you can see our sneak peek at the top 10 companies on the Darknet Index: Amazon.com, Alphabet (Google), Apple, Facebook, eBay, American Express, Frontier Communications, Netflix, Texas Instruments and FedEx.

 The top 10 companies on the first iteration of The OWL Cybersecurity Darknet Index.

The top 10 companies on the first iteration of The OWL Cybersecurity Darknet Index.

Additional insights include:

  • Amazon leads the index. The company with the largest darknet footprint is online retailer Amazon, who has a massive internet presence and possesses significant customer data.

  • Technology and telecommunications companies overall are the largest target. Technology and telecommunication firms have the highest Darknet Index scores, indicating that they are the most attractive firms targeted by threat actors.

  • Financial firms perform better than expected. Financial firms — frequent targets of hackers — fare better than expected, likely reflecting their focus on significant investment in cybersecurity in recent years.

  • Hacked valuable data = Increased risk. The highest scoring companies all had credentials and/or intellectual property exposed on the darknet which can be monetized by others.

  • Vigilance pays off. Investing in cybersecurity has tangible Darknet Index score benefits. Sectors which have invested heavily have, in some cases, smaller darknet footprints and, thus, lower Index ratings.


Based on the results of The OWL Cybersecurity Darknet Index, it is apparent that DARKINT is a key factor in a complete information security approach. Analyzing and monitoring darknet data as an integral part of a complete cybersecurity program allows organizations like yours to swiftly detect security gaps and mitigate damage prior to the misuse of compromised data. Please download the report and contact us with any questions or for more information.