CMOtech Asia - Technology news for CMOs & marketing decision-makers
Asia

Guides

#
ai agents
#
customer data platforms
#
customer experience
#
digital signage
#
marketing automation

Search

Warehouse retail storefront exposed credentials cyber risk network
#
Ransomware
#
Supply Chain
#
Risk & Compliance

Retail & wholesale hit by exposed shared credentials

Fri, 23rd Jan 2026
Author image
By Shannon Williams, News Editor

Black Kite has published research that points to widespread exposed credentials across retail and wholesale firms and their shared supply chain, with more than half of suppliers showing signs of compromised logins.

The company said its 2026 Wholesale & Retail Report assesses cyber exposure across retailers, wholesalers and common vendor categories such as IT services, software platforms and financial services. It described the two sectors as an interconnected target set for attackers, rather than separate markets.

One of the central findings focuses on exposed credentials. Black Kite reported that over 70% of major retailers had exposed credentials. It put the figure at nearly 60% for wholesalers. It reported 52% across supply chain organisations assessed in the study.

Shared exposure

Black Kite said attackers exploit the overlap between wholesale and retail. It described threat actors that operate across both sectors and target companies connected through common suppliers and business relationships.

"When we think about the supply chain, we often picture logistics and warehouses, but today the real threat is the expanded ecosystem," said Ferhat Dikbiyik, Chief Research & Intelligence Officer, Black Kite.

"The bottom line is that wholesale and retail's greatest risk is their shared supply chain, and as we have seen time and time again, just one vulnerability in a common vendor can create systemic impact affecting both simultaneously. The era of checklist compliance is over. Third party risk management programs must evolve by securing the weak points across every partner in the ecosystem," said Dikbiyik.

The report also points to attack methods that can work across both sectors. Black Kite referenced "Stealer Logs and MFT exploits" as examples of tools and malware that threat actors use in campaigns aimed at retail and wholesale organisations.

It said attackers look for the easiest point of entry across the combined landscape. The report described scenarios where a breach of a wholesaler could present access routes that attackers then use against a retailer that works with that wholesaler.

Ransomware patterns

Black Kite's findings also cover ransomware victim profiles in both sectors. It said 17% of retail ransomware victims had revenue over $1B. The company framed that as evidence of "big game hunting" in retail.

Wholesale showed a different pattern, according to the report. Black Kite said 39% of wholesale ransomware victims had revenue in the mid-market range of $20M-$100M. It attributed that distribution to attackers running a "volume game" against smaller enterprises.

The research also placed emphasis on supplier concentration. Black Kite said two vendor categories, Professional & Technical Services and Information, dominated the supply chain dataset it examined. It reported 793 companies in Professional & Technical Services and 705 companies in Information, for a combined total of 1,498. It said these outnumbered "physical categories by a significant margin".

Known vulnerabilities

Black Kite's report highlights vulnerability exposure among critical suppliers. It said 42% of critical supply chain vendors were exposed to at least one vulnerability from the CISA Known Exploited Vulnerabilities Catalog, which lists security flaws under active attack.

The company said credential theft represented the dominant access vector in the sectors it studied. It also said the shared supply chain represented the largest risk area.

In its recommendations, Black Kite said wholesalers, retailers and vendors should prioritise patching vulnerabilities listed in the CISA KEV catalogue. It placed particular emphasis on vulnerabilities that grant Remote Code Execution, which it said ransomware groups actively weaponise.

Black Kite positions its work around third-party cyber risk management and supplier monitoring. The company said it has more than 3,000 customers and maintains risk intelligence coverage spanning over 40 million companies.

The report's focus on shared supply chain exposure comes as retailers and wholesalers continue to digitise procurement, inventory management and payments, which increases reliance on third-party platforms and managed services. The research argues that this connected environment changes the risk profile for both sectors and increases the potential for issues at one supplier to affect multiple downstream organisations.

"The bottom line is that wholesale and retail's greatest risk is their shared supply chain, and as we have seen time and time again, just one vulnerability in a common vendor can create systemic impact affecting both simultaneously," said Dikbiyik.

Related stories
Ramadan 2025 reshapes Southeast Asia shopping journeys
Marketers: Get ready to AI-proof your careers
Camunda names Chris White Chief Revenue Officer amid AI push
CDN market to hit USD $42.89bn as edge demand surges
Nebula links partner rewards to ESG outcomes at renewal

Top stories

Wordly launches Workspaces for everyday AI translation
Visa survey shows trust gap on AI at online checkout
Teads to sell Samsung Smart TV homescreen ads in APAC
CelcomDigi honours artisans in Lunar New Year push
OpenAI unveils Frontier to deploy AI coworkers at scale