One in Eight Workers Has Sold Their Corporate Logins
One in Eight Workers Has Sold Their Corporate Logins
https://www.infosecurity-magazine.com/news/one-eight-workers-sold-corporate/
Publish Date: 2026-05-06 04:40:00
Source Domain: www.infosecurity-magazine.com
A large share of UK employees have sold their corporate credentials over the past year, exposing their organization to cyber and financial crime, according to Cifas.
The non-profit fraud prevention service revealed the findings in its latest Workplace Fraud Trends report, which is based on responses from 2000 UK employees working in companies with 1000+ staff.
It found that 13% of respondents admitted selling their logins over the past 12 months, or knew someone who had.
The same share (13%) claimed they thought the act of selling credentials was “justifiable” – rising even higher for senior managers (32%), directors (36%), C-suite executives (43%) and business owners (81%).
Read more on credential abuse: Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors
Cifas director of learning, Rachael Tiffen, argued that selling logins can open the door to serious fraud and financial harm.
“These findings show how vital it is for organizations to build fraud‑aware cultures, where employees at all levels understand their responsibilities and the consequences of their actions,” she added.
“Counter‑fraud training plays a central role in helping staff recognize manipulation, appreciate the risks associated with insider activity, and act with integrity when handling access to systems and data.”
The Growing Insider Threat
The Cifas report highlights the growing challenge posed to corporate security teams by their own colleagues elsewhere in the business.
Malicious incidents accounted for 27% ($4.7m) of the total lost to insider risks last year, according to DTEX. On average, global organizations lost $19.5m per business to either negligence or deliberate acts like sharing sensitive data including credentials.
A 2025 Socura/Flare report revealed 460,000 compromised credentials belonging to employees at FTSE100 firms circulating on cybercrime sites.
Many of these come down not to malicious insiders but external attacks. The…
