Apparently lots of people have been use both their work email address and work password on third-party sites -- suggesting a huge vulnerability.
Trailrunner7 quotes On The Wire:
The last few years have seen a number of large-scale breaches at popular sites and companies, including LinkedIn, Adobe, MySpace, and Ashley Madison, and many of the credentials stolen during those incidents have ended up online in various places... [R]esearch from Digital Shadows found that the most significant breach for the global 1,000 companies it looked at was the LinkedIn incident... Digital Shadows found more than 1.6 million credentials online for the 1,000 companies it studied. Adobe's breach was next on the list, with more than 1.3 million credentials.
"For Ashley Madison alone, there were
more than 200,000 leaked credentials from the top 1,000 global companies," the researchers report, noting they also found many leaked credentials from breaches at other dating and gaming sites, as well as Myspace. Their conclusion? "The vast majority of organizations have credentials exposed online..."
Misleading article
By Alan Shutko
•
2016-Sep-24 21:58
• Score: 4, Informative
• Thread
This study looked at the email addresses in the data breaches, and looked for email addresses associated with large companies. They then assumed that the passwords used would match the passwords used for corporate resources. The real nature of the study is that "People signed up for services with their work email addresses" which isn't nearly as interesting or clickbaity.