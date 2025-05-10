AIRLINK 140.00 Increased By ▲ 12.73 (10%)
Technology Print 2025-05-10

Corporate email users at risk of account theft: Kaspersky

Recorder Report Published 10 May, 2025 06:08am

ISLAMABAD: A global cyber security company has revealed that employees using corporate emails to register for personal accounts on marketplaces and social media is increasing risk of account theft and corporate security breaches.

A study by Kaspersky Digital Footprint Intelligence issued on Friday analyzed compromised credentials leaked on the dark web between 2019 and 2024 for three popular entertainment platforms: Roblox, Discord and Netflix. The analysis revealed that, on average, 7% of users whose accounts were leaked had registered on these platforms using a corporate email address.

“Registering on various services for personal use with a work email is not best practice. First, you may lose access to these accounts if you change jobs. Second, it can pose security risks for both you and your company. If your passwords follow a predictable pattern across different services –it increases the likelihood of other accounts being compromised, including your work account, should your corporate email be exposed in a dark web leak,” explains Sergey Shcherbel, expert at Kaspersky Digital Footprint Intelligence.

Kaspersky experts also found that bank employees most commonly registered their work email addresses on streaming services, marketplaces and social networks. In a few cases, corporate emails were also used as logins on gaming platforms and adult content websites.

To conduct this study, experts compiled a sample of 50 banking sector companies and examined compromised credentials leaked on the dark web, identifying those linked to the corporate domains of these companies across five categories of popular platforms.

If you encounter a data leak through infostealers, change compromised account passwords and monitor for suspicious activity associated with those accounts. Run full security scans on all devices, removing any detected malware. Companies are recommended to monitor dark web markets proactively to detect compromised accounts before they pose risks to customers or employees, the study added.

