Insider Threat Matrix™
  • ID: IF025
  • Created: 16th July 2025
  • Updated: 09th April 2026
  • Contributor: Ryan Bellows

Internal Credential Sharing

A subject knowingly permits, facilitates, or engages in the use of credentials between individuals within the same organization, resulting in a misalignment between identity, access, and accountability.

This includes both:

  • Allowing another individual to use the subject’s credentials
  • Using credentials assigned to another internal identity without authorization

Internal account sharing undermines identity assurance and breaks the link between authenticated activity and the responsible subject. This degrades audit integrity, weakens access controls, and introduces ambiguity into investigative attribution.

While often rationalized as operational convenience (e.g., task delegation, access shortcuts, or time-saving measures), this behavior creates conditions that enable policy evasion, informal privilege escalation, and collusive activity. In more advanced cases, it may be used deliberately to obscure responsibility, distribute actions across multiple identities, or bypass monitoring tied to individual accounts.

Subsections (1)

IF025.001: Service Account Sharing

A subject deliberately shares credentials for non-personal, persistent service accounts (e.g., admin, automation, deployment) with other individuals, either within or outside their team. These accounts often lack individual attribution, and when shared, they create a pool of untracked, unaccountable access.

Service account sharing typically emerges in high-pressure operational environments where speed or convenience is prioritized over access hygiene. Teams may rationalize the behavior as necessary to meet deployment deadlines, maintain uptime, or circumvent perceived access bottlenecks. In other cases, access may be extended informally to external collaborators, such as contractors or partner engineers, without proper onboarding or oversight.

When service account credentials are distributed, they become functionally equivalent to a shared key—undermining all identity-based controls. Investigators lose the ability to reliably associate actions with individuals, making forensic attribution difficult or impossible. This gap often delays incident response and enables repeated policy violations without detection.

Service accounts also frequently carry elevated privileges, operate without MFA, and are excluded from normal UAM logging, compounding the risk. Their use in this manner represents not just a technical misstep, but a structural breakdown in control integrity and accountability. In environments with compliance obligations or segmented access controls, service account sharing is a critical investigative red flag and should trigger formal review.
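
An added example, not part of the Insider Threat Matrix entry: one way to surface service account sharing in authentication logs, by tying each use of the account outside its expected automated context to the assigned owner of the source workstation. The log format, account names, host inventory, asset register and review rule are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory (assumption): service accounts and the hosts they normally run on.
EXPECTED_HOSTS = {"svc-deploy": {"ci-runner-01"}, "svc-backup": {"backup-01"}}
# Constructed asset register (assumption): workstation -> assigned employee.
HOST_OWNER = {"wks-114": "a.jones", "wks-207": "m.patel", "wks-310": "r.chen"}

# Constructed log lines: timestamp, account, source host, logon kind.
SAMPLE_LOG = """\
2025-07-14T02:00:11Z svc-backup backup-01 batch
2025-07-14T09:12:40Z svc-deploy ci-runner-01 batch
2025-07-14T09:47:03Z svc-deploy wks-114 interactive
2025-07-14T13:05:52Z svc-deploy wks-207 interactive
2025-07-15T08:31:19Z svc-deploy wks-207 interactive
2025-07-15T16:20:45Z svc-deploy vpn-ext-09 interactive
"""

def parse(log_text):
    """Yield (timestamp, account, host, kind) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)

def find_shared_use(log_text, expected=EXPECTED_HOSTS, owners=HOST_OWNER):
    """Map each service account to the people and hosts using it abnormally."""
    findings = defaultdict(
        lambda: {"people": set(), "unattributed_hosts": set(), "events": 0})
    for _ts, account, host, kind in parse(log_text):
        if account not in expected:
            continue  # personal accounts are out of scope for this check
        if host in expected[account] and kind != "interactive":
            continue  # normal automated use on an expected host
        finding = findings[account]
        finding["events"] += 1
        if host in owners:
            finding["people"].add(owners[host])
        else:
            finding["unattributed_hosts"].add(host)  # no owner on record
    return dict(findings)

def needs_review(finding):
    """Sharing indicator: several people, or use that cannot be tied to anyone."""
    return len(finding["people"]) > 1 or bool(finding["unattributed_hosts"])

if __name__ == "__main__":
    for account, f in find_shared_use(SAMPLE_LOG).items():
        print(account, sorted(f["people"]), sorted(f["unattributed_hosts"]), needs_review(f))
```

Workstation ownership is only a proxy for who typed the password, so a finding here is a starting point for review rather than attribution.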