Every employee’s password was stored in a single Excel file

Staff Editor 2026-06-11
Every employee’s password was stored in a single Excel file

Every employee’s password was stored in a single Excel file

https://www.theregister.com/security/2026/06/11/every-employees-password-was-stored-in-a-single-excel-file/5253784

Publish Date: 2026-06-11 03:00:00

Source Domain: www.theregister.com

SECURITY

The CEO thought this was the best way to deal with some email issues

PWNED Welcome, once again, to PWNED, the weekly screed where we highlight those who did not do the deed of securing their systems. If someone left their passwords or their access exposed, we will be writing about them here.

Have a story about someone leaving a gaping hole in their network? Share it with us at [email protected]. Anonymity is available upon request.

This week’s terrifying tale of poor security hygiene comes courtesy of Luke Irwin, CEO and principal consultant at Aegis Cybersecurity. He’s been in the industry for more than a quarter of a century and he knows where the bits are buried. 

At one point, Irwin consulted for a company that was a large national facility services organization, a 2,000-employee firm that provided cleaning, security guards, industrial abseiling (cleaning the facade), and other things that other large businesses need to keep their physical plants running smoothly.

The CEO had one very peculiar idea about how to keep his own house in order: he wanted to have access to every one of his employees’ login credentials.

The chief executive had an Excel spreadsheet sitting right on his desktop with a complete list of all the employee usernames and passwords. Let that sink in for a second. One person had all the keys to the castle in a single, easily accessible file.

In any decent security setup, no one in the company has access to anyone else’s password. Even the head of the IT department should not know another employee’s password. I say this as someone who used to work for a company where the IT department would ask you to DM them your password if you had computer problems.

But this company’s CEO wanted the usernames and passwords for reasons I’m sure any of his employees would appreciate: so he could go into their email accounts! He had an experience where one colleague…

Source

More Stories

From urgency to action: Advancing quantum readiness across agencies

From urgency to action: Advancing quantum readiness across agencies

Staff Editor 2026-06-11
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

Staff Editor 2026-06-11
Fortinet OT Cybersecurity Report: 53% of Industrial Orgs Under CISO

Fortinet OT Cybersecurity Report: 53% of Industrial Orgs Under CISO

Staff Editor 2026-06-11

Terms and Conditions - Privacy Policy