Found work emails registered on 5+ 3rd party sites (OPSEC risk)
I've been doing some auditing on our domain's digital footprint today and realized how badly our "no personal use of work email" policy is being ignored. I used that user-scanner tool (the one that’s been trending lately) to run a few of our active corporate handles just to see the hit rate.

Honestly, the results were a wake-up call. On just one senior-level work email, it flagged registrations on 5 different 3rd-party platforms, mostly old sites, a gaming site, and a random e-commerce shop. None of these are authorized for business.

The real concern here is the credential stuffing risk. If any of those 5 platforms have a data breach (and old sites do), our corporate email is officially sitting in a leaked combo list for attackers to target our actual infrastructure.

Have you guys ever experienced it?

submitted by /u/Then_Pace_5034
Source: https://www.reddit.com/r/cybersecurity/comments/1rhy5f4/found_work_emails_registered_on_5_3rd_party_sites/