Internal threat: Password re-use and 3rd party leaks
What are the odds that someone from your organization reuses their login credentials in a 3rd party site?
This is a serious risk and the larger your organization, the more likely it is that someone reuses their credentials in a site that gets breached. The site HaveIBeenPwned, where people can check if their credentials have been leaked, already has roughly half a billion password hashes available.
1) Take two-factor authentication into use to add an extra layer of security in your organization (for example, see Microsoft authenticator or Google Authy, depending on your needs).
2) Take a look at the list of passwords on HaveIBeenPwned. If possible, verify your user base against the publicly known passwords there. If you are a website administrator, use its database to disallow these compromised passwords.