CEO Stored 2,000 Employees' Passwords in Single Excel File
A national facility services firm's CEO stored all 2,000 employees' usernames and passwords in a single Excel spreadsheet on his desktop. Cybersecurity consultant Luke Irwin highlighted this severe breach of security protocols, where one individual held all company access. This practice is considered highly insecure, as no single person should possess all employee credentials.
Key points
- CEO of a 2,000-employee national facility services company stored all employee login credentials in one Excel file.
- The file, containing usernames and passwords, was reportedly kept on the CEO's desktop.
- Cybersecurity consultant Luke Irwin revealed the incident, criticizing the lack of basic security hygiene.
- Industry best practices state that no single individual, including IT heads, should have access to all employee passwords.
- This exposed all company access to a single point of failure.
A striking example of poor cybersecurity hygiene has come to light, involving the chief executive of a large national facility services organization employing 2,000 individuals. According to cybersecurity consultant Luke Irwin, the CEO maintained a single Excel spreadsheet on his desktop containing the usernames and passwords for every employee.
This practice represents a significant deviation from standard security protocols. Experts emphasize that no single person within an organization, not even the head of IT, should possess access to all employee credentials. Such a centralized repository of sensitive information creates a critical vulnerability, making the entire company's digital infrastructure susceptible to compromise if the file were accessed by unauthorized parties.
Irwin, who consulted for the firm, detailed the incident as a stark illustration of how easily fundamental security measures can be overlooked, even at executive levels. The disclosure underscores the pervasive risks associated with inadequate password management and the importance of adhering to established cybersecurity best practices to protect organizational data and employee accounts.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.