Nearly half of 1,000 U.S. workers surveyed admitted to abusing credentials tied to a former employer after leaving the company. Deeply concerning is 10 percent did so with the intent to disrupt company activities.
According to the study by website Password Manager, 47% of workers surveyed said they continued to access accounts such as email, software and digital tools related their past job. Password Manager also reported that 58% of respondents indicated that companies failed to change the passwords of past employees which allowed the ex-worker to maintain access to company resources.
Password Manager also reported 44% of respondents said even when the password was changed they were able to regain access to company networks and resources via someone still working at the organization sharing access credentials with them.
Top reasons for wanting access to a former employers network or resources was access to paid subscriptions (25%) and disrupt (10%) company activities, access company email (64%) and access company data (44%).
“Companies are responsible for the integrity of their operations,” said Daniel Farber Huang, head of privacy and cybersecurity. “Ideally the company creates standard operating procedures or consistent schedules of updating passwords based on criticality.”
In addition to the 15% of respondents saying they had been caught using passwords from their old jobs, 1 in 3 said they had been using them for upwards of two years.
“There can be huge implications for misuse of proprietary information,” said Huang.
Interestingly, the same number of respondents, 47%, said their previous employer had reached out to them because they forgot or lost company credentials and needed the former employees help to retrieve them.
“This issue is one element in a broader framework of trust between entities and the individuals they rely on to operate and thrive,” said Huang.