Skip to main content

Employees willing to sell company passwords for £100

The recent breaches of large corporation internal systems has lead some security analysts to believe indifference from employees is a key factor, rather than rogue nations attacking the private sector.

Identity management firm SailPoint claims employees would be willing to sell corporate information like passwords for as little as £100 and routinely use the same passwords for almost all applications.

The report also claims employees regularly share passwords and classified information with co-workers.

Over half of the employees questioned said they use the same password for multiple corporate programs.

Corporations are partly to blame for the lack of security understanding, allowing employees to use poor password practices in the workplace. The UK has tried to amend this with more training for IT staff, but to little avail.

“Employees may have moved away from the post-it note password list, by using the same password across personal and work applications exposes the company,” said Kevin Cunningham, president and founder of SailPoint.

"Just think of the major breaches that occurred in 2014 requiring users to change their passwords on social media. If those were the same passwords being used to access mission critical applications, it’s very easy for hacking organisations to take advantage and get into more valuable areas."

The lack of training and use of applications, like '1Password,' makes employees reuse passwords, instead of creating stronger ones, alongside apathy for company security and policy.

This report undermines some of the more common assumptions that stolen private data is instantly in the hands of a rogue nation.

Like with the Sony Pictures case - where 100TB of data was stolen - it could have easily been an employee who knew they were going to be made redundant in the next year who sold the information to a hacker.

Scary thought, isn't it.