And in some cases, people will use their professional email addresses and maybe even passwords to set up personal accounts.
While this might seem like a harmless act, a recent report by Digital Shadows says that by doing this, companies could be put at risk by data breaches, even if it wasn’t their company that was hacked.
The report says: “Organisations with employees who have reused corporate emails and passwords can also be at risk. These organisations suffer from the “collateral damage” of the initial breaches.
“Indeed, our latest research paper found that, for the largest 1,000 organisations in the world, there are more than 5 million leaked credentials.”
And while one might expect company emails to be used for certain sites that have been the victim of data breaches, such LinkedIn and Adobe, the research also found that a huge number of people were using their professional email addresses to sign up for sites like affairs platform Ashley Madison.
For this particular breach, there were over 200,000 leaked credentials from the top 1,000 global companies listed by Forbes.
Digital Shadows said: “Even with unique leaked credentials identified and passwords reset, compromised credentials hold significant value for cyber-criminals.
“The information can be used for botnet spam lists, extortion attempts (as was the case with Ashley Madison), spear-phishing, and account takeover.”
Read more about the potential risks in the Digital Shadows report.