Heard a security guy say 'most hacks aren't from the dark web, they're from people sharing passwords at work'

I was grabbing lunch at that deli near my office last Thursday and overheard two IT guys talking. One said most breaches at his company came from employees sharing login credentials on Slack. It made me think about how I used to text my roommate my Netflix password without a second thought. Now I'm wondering if I should be more careful with shared accounts at my job. Has anyone else run into this where a casual conversation changed how you handle logins?

2 comments

2 Comments

rowan_hayes26d ago

Oh man, the Netflix password sharing hits close to home. I used to hand out my Hulu login like candy, never once thinking about how that trust could get abused. But for work stuff, yeah, it's a completely different beast. One person's Slack message sharing a password can turn into a security breach real fast if that info lands in the wrong channel or gets screenshotted. It just takes one careless moment and suddenly the whole company is doing a password reset.

the_holly26d ago

Wait, has nobody thought about how password sharing makes it basically impossible to actually track who did what when something goes wrong? Like, if three people in accounting all use the same login for the billing software and suddenly a bunch of refunds get issued to fake customers, HR can't even start figuring out who's responsible. You end up with a situation where nobody wants to admit they shared the password but everybody's pointing fingers at each other. That's the real nightmare, not just the security part. It turns a technical problem into a messy people problem where trust gets destroyed and nobody can prove anything.