Employees may also use corporate emails to register for personal accounts on marketplaces and social media, increasing the risk of account theft and corporate security breaches, according to a study by Kaspersky Digital Footprint Intelligence. Kaspersky shares these findings and suggests key cybersecurity practices to mitigate the risks of credential leaks.

Kaspersky experts analyzed compromised credentials leaked on the dark web between 2019 and 2024 for three popular entertainment platforms: Roblox, Discord and Netflix. The analysis revealed that, on average, 7% of users whose accounts were leaked had registered on these platforms using a corporate email address.

“Registering on various services for personal use with a work email is not best practice. First, you may lose access to these accounts if you change jobs. Second, it can pose security risks for both you and your company. If your passwords follow a predictable pattern across different services – for example, ‘Word2025!’, where ‘2025’ is a recurring part – it increases the likelihood of other accounts being compromised, including your work account, should your corporate email be exposed in a dark web leak,” explains Sergey Shcherbel, expert at Kaspersky Digital Footprint Intelligence.

Kaspersky experts also found that bank employees most commonly registered their work email addresses on streaming services, marketplaces and social networks. In a few cases, corporate emails were also used as logins on gaming platforms and adult content websites.

To conduct this study, experts compiled a sample of 50 banking sector companies and examined compromised credentials leaked on the dark web, identifying those linked to the corporate domains of these companies across five categories of popular platforms.

Learn more in the report. In light of this growing infostealer threats, Kaspersky has launched a dedicated landing page to raise awareness of the issue and provide strategies for mitigating associated risks.

If you encounter a data leak through infostealers, the following steps should be taken immediately:

• Change compromised account passwords and monitor for suspicious activity associated with those accounts.
• Run full security scans on all devices, removing any detected malware.
• Companies are recommended to monitor dark web markets proactively to detect compromised accounts before they pose risks to customers or employees. A detailed guide on setting up monitoring can be found here. Leverage Kaspersky Digital Footprint Intelligence to track what cybercriminals know about your company’s assets, identify potential attack vectors, and implement protective measures in a timely manner.
• As an enterprise, implement a security awareness program for employees, including regular training and performance assessments. Enforce a strict password policy for all corporate resources to reduce the risks of encountering credential-related cyber threats.