"13% say they’ve sold logins or know someone who has, survey suggests."
One in eight employees: the raw statistic
The most striking figure in the report is simple and stark: about one in eight employees — expressed in the story as 13% — told a survey that they have either sold work logins or know someone who has. The headline language used by the publisher framed that result as employees being "totally cool with selling work credentials," and the underlying claim the piece carries is that this behavior is present at a measurable, non-negligible rate.
How the story frames "selling work credentials"
The account focuses on a single behavior category: sale or transfer of workplace access credentials, summarized as "selling work credentials" or "selling logins." The report does not supply further operational details — such as transaction channels, price points, or sectors most affected — but it centers the conversation on the idea that employees sometimes treat account logins as transferable commodities. That framing alone is the news peg: an attitudinal and behavioral snapshot suggesting that credential exchange is not merely anecdotal.
What this suggests for security teams and employers
For organizations charged with protecting access to corporate systems, the survey result functions as a prompt: it identifies a human behavior that exists at scale large enough to be captured in polling. The report places that behavior on the risk map without offering remediation steps or quantifying resulting incidents. In other words, the story identifies a prevalence signal — 13% — without attaching further data about consequences, channels, or corrective measures.
How employees, security teams, and adversaries are implicated
- Employees: The survey result indicates that a segment of the workforce reports either participating in or having direct knowledge of selling logins, signaling an attitude or practice that organizations may need to acknowledge when assessing insider risk.
- Security teams and employers: The statistic presents a monitoring and policy question: a measurable share of employees report credential sale or direct knowledge of it, which the report implies is material to how organizations think about access controls, oversight, and internal trust.
- Adversaries or buyers of credentials: The story's central claim — that credentials are being sold — implies there is demand and supply, at least according to respondents. The piece does not name buyers, marketplaces, or specific threats; it simply positions credential transfer as an extant behavior respondents reported.
Closing observation: a narrow fact with broad implications
The report offers a compact but consequential data point: roughly 13% of respondents say they have sold work logins or know someone who has. That single statistic is the story's engine. It does not map the downstream effects, name the surveyor, or provide technical detail, but it does place employee behavior — the commoditization of access credentials — into the public view. Organizations, auditors, and risk managers now have a plain number to reckon with; how they choose to probe, measure, and respond remains unstated in the piece but is the logical next conversation the statistic invites.




