Study: 40% of All Corporate Email Breaches Occurred on Websites Used for Personal Purposes

Employees use corporate emails for private purposes, putting companies at risk

Data breaches on work-related vs. personal-use websites

Researchers from NordVPN Teams analysed over 1.7 million email breaches that affected the world’s largest enterprises. The research revealed that people tend to use their corporate emails for registrations regardless of whether the registration is for corporate or personal purposes.

Company emails in the U.S. and Europe are widely used on entertainment and media sites. Interestingly, the top list includes dating, gaming, last-minute travel deal websites, and restaurant booking platforms. In fact, almost 40% of all breaches occurred on websites that were used for personal purposes. 

The data also revealed which sectors were the most breached. The technology industry was the most exposed, accounting for almost 20% of all corporate email breaches. Education and health sectors came in second and third at 13.3% and 12.9%, respectively.

Credential theft has been on the rise in recent years. According to the 2020 Verizon Data Breach Investigations Report, more than 80% of hacks are the result of credential theft. Credential theft is a growing industry within the cybercriminal ecosystem for the trade and direct use of compromised login-password credentials.

The theft of a single password could compromise an entire database that is not properly protected. Experts warn that employees are making companies more vulnerable to cyberattacks.

“Using company email addresses for personal use puts businesses at risk. If those email credentials are compromised, companies might fall victim to account hijacking when hackers have both the email address and password of an email account. They’re then able to change the password and take over the account,” says Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams.

In enterprise security, login-password credentials are both the most widely used and the most easily compromised, posing a significant risk to any organization.

Data shows that of all email breaches, only 9% of passwords involved were unique.

“Despite the heightened awareness of security implications, many users still continue to reuse passwords and rarely change them. According to NordPass, 63% of respondents admitted reusing passwords across their accounts. If that reused password gets leaked, hackers may then have the key to the corporate network too — no matter how complex the phrase is,” the NordVPN Teams expert adds.

Google has been working on helping people to create better passwords with Password Checkup. The tool checks logins against a database of 4 billion leaked credentials, recognizing if the password matches the one that’s been leaked. Password managers like NordPass also offer the possibility to check if your password has been compromised in data breaches.  

According to the NordVPN Teams expert, the problem is that it is impossible to apply company security policy to websites that the company does not have control over, and this makes companies vulnerable to attacks. “Educating employees on security is crucial, and companies should invest in regular employee security training.”

Source: NordVPN Teams