A cyberattack recently forced Nihon Kotsu, Japan's largest taxi operator, to shut down its internal systems entirely. Booking platforms went offline. Operations were disrupted. Staff were left working around the damage while the company scrambled to contain the breach. For a business that size, the fallout is costly but survivable. For a small or medium-sized business, the same kind of cyberattack can be existential. The lesson here isn't just about taxis — it's about what happens when a business isn't ready, and how attackers almost always get in through a door that was left unlocked long before anyone noticed.
How Cyberattacks Like This One Actually Start
Most business owners picture a cyberattack as something dramatic — a team of hackers targeting their company specifically. The reality is far more mundane and, in some ways, more dangerous. The majority of successful attacks begin with compromised credentials. An employee's username and password ends up in a data breach, gets harvested by malware known as an infostealer, and is eventually sold or shared on dark web forums and marketplaces. Attackers then use those credentials to log in — not break in — to business systems. No sophisticated exploit required.
For Nihon Kotsu, the exact entry point hasn't been fully disclosed publicly. But this pattern holds across the vast majority of incidents investigated by cybersecurity researchers globally. The attacker doesn't need to be clever. They just need credentials that work, and patience.
Why SMBs Are Attractive Targets, Not Safe Ones
There's a persistent myth among small business owners that they're too small to be worth attacking. This thinking is both understandable and dangerous. Attackers using automated tools don't distinguish between a corporation with 10,000 employees and a logistics company with 40. If your credentials appear in a breach database or an infostealer dump, your business is on the list. Full stop.
Small and medium businesses often have fewer security controls, less monitoring, and no dedicated IT security team watching for warning signs. That makes them easier to compromise, not harder. Larger organisations like Nihon Kotsu make headlines when they're hit. Smaller companies suffer the same attacks quietly, and many never fully recover. According to various industry studies, a significant proportion of SMBs that experience a serious cyberattack close within two years.
What the Dark Web Knows About Your Business Right Now
Here's the part that surprises most business owners: there's a reasonable chance that stolen credentials, leaked documents, or exposed data related to your business are already circulating somewhere online. Breach databases contain billions of records. Infostealer logs — files created when malware silently records keystrokes and saved passwords — are traded constantly. Exposed API keys in public code repositories, misconfigured domains, and employee emails tied to third-party data breaches all add up to a picture of your business that attackers can exploit.
The vast majority of SMBs have never checked any of this. They don't know what's out there because no one has looked on their behalf. That gap between what exists and what you know about is exactly where attacks begin.
Breachrr monitors breach databases, infostealer dumps, dark web markets, public code repositories, and domain infrastructure specifically to surface these risks before someone uses them against you. The goal isn't to alarm you — it's to give you the same visibility that security teams at larger organisations take for granted, without requiring you to become a cybersecurity expert.
What to Do Before You Become the Next Headline
The Nihon Kotsu incident is a reminder that no business, regardless of size or industry, is exempt from the risk of a cyberattack. The businesses that fare best aren't necessarily the ones with the biggest budgets — they're the ones that know what's exposed and act on it before attackers do.
Start by understanding your current exposure. What credentials linked to your business domain are circulating in breach data? Are any employee accounts showing up in infostealer logs? Is there sensitive information about your infrastructure visible in places it shouldn't be? These aren't hypothetical questions. For most SMBs, the answers are already out there — the question is whether you find them first or an attacker does.
If you've never run an external audit of your business's digital exposure, now is the right time. Head to breachrr.com/audit and run a free audit to see what's already out there with your name on it.
Want to see if your company is exposed?