
One in Five Employees Would Sell Work Passwords: Survey

One in five employees are willing to sell their work passwords to an outsider, in many cases for less than $1,000, according to a survey conducted by identity and access management firm SailPoint.


SailPoint’s Market Pulse Survey, which is based on the responses of 1,000 people working at large organizations in the U.S., Europe and Australia, shows that employees’ poor security practices often expose companies to potentially damaging attacks.

Despite the increasing number of incidents involving stolen credentials, poor password hygiene and negligence continue to be a problem. According to SailPoint, 65 percent of respondents admitted using a single password for multiple applications, and roughly one-third of them have shared passwords with their co-workers.

Furthermore, one in five employees said they would sell their work passwords to a third party. In the United Kingdom, for instance, more than half of respondents who said they would sell their passwords would do it for less than $1,000.

In the United States, 40 percent of those who are ready to sell their passwords would do it for less than $1,000. Worryingly, some employees said they were willing to sell corporate access credentials for less than $100.

SailPoint noted that since the organizations taking part in the survey employ, on average, roughly 50,000 individuals, the report shows that 10,000 of them would sell their passwords, 32,500 use the same credentials across multiple apps, and nearly 17,000 share passwords with co-workers.

The 2016 Market Pulse Survey shows that one in three employees have purchased SaaS applications without their IT department’s knowledge, and a quarter of respondents admitted uploading sensitive information to cloud applications with the specific intent to share the files outside their company.

The main reasons office workers chose to bypass IT when acquiring a SaaS application are the IT department’s tendency to overcomplicate things and slow down the process.

The survey has also highlighted the need to disable the accounts of former employees. More than 40 percent of respondents said they still had access to a variety of corporate accounts from their previous job.

While their poor security practices expose their organizations to data breaches, most employees are concerned about their personal information being shared, and 40 percent of them said they would stop doing business with a company that suffered a breach.

“This year’s Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers,” commented Kevin Cunningham, president and founder of SailPoint. “Today’s identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it’s imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage.”


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
