UK anti-fraud non-profit Cifas published research showing that one in eight workers at large enterprises have either sold their company login credentials or know someone who did, based on interviews with 2,000 employees from organisations with at least 1,000 staff. The report notes that 13% of those surveyed admitted to selling their corporate access credentials in the last 12 months.
It highlights that many stolen credentials target business systems such as Microsoft 365 and Salesforce, which can give criminals access to sensitive data. Threat intelligence firm KELA tracked nearly 2.9 billion compromised credentials globally in 2025, with most resulting from phishing and infostealers. Account takeovers in the US surged 6% to over 78,000 last year, according to Verizon, underscoring the real-world impact of credential abuse.
The article also observes that data brokers amass personal details, contributing to a broader risk landscape for both enterprises and consumers, with Malwarebytes offering tools to help remove such data. according to Verizon