Contact us
Contact us

News

About

Home Crypto News One in eight UK workers sold company logins, owners most accepting

One in eight UK workers sold company logins, owners most accepting

Author Alex Climer
Posted: 7 May 2026, 11:11 CET | Updated: 7 May 2026, 11:44 CET 2 min read

One in eight UK workers sold or knew someone who sold company logins in the past year; 43% of C-suite executives and 81% of business owners said selling access can be justified, Cifas found.

A survey by UK fraud prevention service Cifas found 13% of respondents said in the past 12 months they sold their company login credentials or knew someone who had. The poll also asked whether selling access could be justified: 13% of all respondents agreed, rising to 32% for senior managers, 36% for directors, 43% for C-suite executives and 81% for business owners.

Joby Carpenter, fraud and emerging threats lead at ACAMS, warned: “For a meaningful minority of staff, selling company logins is no longer beyond the line — and that should concern every employer.” He called on firms to treat insider threat as a fraud and financial crime issue and to strengthen culture, controls, training and access governance.

Rachael Tiffen, director of learning at Cifas, said: “Selling login details might seem insignificant to those involved, but it can open the door to serious fraud and financial harm.” She recommended regular counter-fraud training, clearer policies on credential misuse and tighter control over who can access systems.

Separate industry research points to rising insider incidents. Arctic Wolf reported 61% of organizations detected insider threats in 2024, with 29% of those detections resulting in a data leak. Exabeam found two-thirds of European security professionals now view insider threats as a larger risk than external attackers; more than half said they had seen a measurable increase in insider incidents over the prior year, and 54% expect that trend to continue.

Security researchers reported evidence of criminal recruitment on the dark web. One team identified 25 unique posts seeking employees to carry out fraud aimed at specific firms, including roles in ransomware attacks, selling confidential business information and running phishing campaigns.

Cifas recommended organizations adopt stronger access governance, regular staff training and clear disciplinary policies to reduce incidents of credential misuse and limit damage when credentials are exposed or sold.

Tags
Security
Alex Climer
Author

Articles by this author

European MSPs must close SaaS sovereignty gap
European MSPs must close SaaS sovereignty gap
7 hours ago
Strategy may sell Bitcoin to fund dividends; shares drop
Strategy may sell Bitcoin to fund dividends; shares drop
1 day ago
ScarCruft trojanizes Yanbian game site to deliver BirdCall
ScarCruft trojanizes Yanbian game site to deliver BirdCall
2 days ago
Channel partners guide firms through AI-driven data surge
Channel partners guide firms through AI-driven data surge
2 days ago
Michael Burry exits GameStop after Cohen’s $55.5B eBay bid
Michael Burry exits GameStop after Cohen’s $55.5B eBay bid
2 days ago

Latest News

MORE
eBay briefly suspends Ryan Cohen’s eBay seller account

eBay briefly suspends Ryan Cohen’s eBay seller account

2 hours ago 2 min read
Panasonic Toughbook launches Elevate partner program in Europe

Panasonic Toughbook launches Elevate partner program in Europe

3 hours ago 2 min read
Malicious PyPI packages install ZiChatBot via Zulip APIs

Malicious PyPI packages install ZiChatBot via Zulip APIs

4 hours ago 2 min read
VanEck predicts Bitcoin could reach million in five years

VanEck predicts Bitcoin could reach $1 million in five years

6 hours ago 2 min read
MORE