{"id":270599,"date":"2026-06-11T03:00:00","date_gmt":"2026-06-11T07:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/11\/every-employees-password-was-stored-in-a-single-excel-file\/"},"modified":"2026-06-11T16:40:29","modified_gmt":"2026-06-11T20:40:29","slug":"every-employees-password-was-stored-in-a-single-excel-file","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/11\/every-employees-password-was-stored-in-a-single-excel-file\/","title":{"rendered":"Every employee&#8217;s password was stored in a single Excel file"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/06\/11\/every-employees-password-was-stored-in-a-single-excel-file\/5253784\">Every employee&#8217;s password was stored in a single Excel file<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/06\/11\/every-employees-password-was-stored-in-a-single-excel-file\/5253784\">https:\/\/www.theregister.com\/security\/2026\/06\/11\/every-employees-password-was-stored-in-a-single-excel-file\/5253784<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-11 03:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p class=\"kicker \" style=\"\">SECURITY<\/p>\n<p class=\"subtitle \" style=\"\">The CEO thought this was the best way to deal with some email issues<\/p>\n<p><span class=\"tertiary color_mobile_tertiary font-weight-bold m-font-weight-bold\" data-lab-font_weight=\"font-weight-bold\" data-lab-text_color=\"tertiary\">PWNED<\/span> Welcome, once again, to PWNED, the weekly screed where we highlight those who did not do the deed of securing their systems. If someone left their passwords or their access exposed, we will be writing about them here.<\/p>\n<p><span class=\"tertiary color_mobile_tertiary \" data-lab-text_color=\"tertiary\">Have a story about someone leaving a gaping hole in their network? Share it with us at\u00a0pwned@sitpub.com. Anonymity is available upon request.<\/span><\/p>\n<p>This week\u2019s terrifying tale of poor security hygiene comes courtesy of Luke Irwin, CEO and principal consultant at Aegis Cybersecurity. He\u2019s been in the industry for more than a quarter of a century and he knows where the bits are buried.\u00a0<\/p>\n<p>At one point, Irwin consulted for a company that was a large national facility services organization, a 2,000-employee firm that provided cleaning, security guards, industrial abseiling (cleaning the facade), and other things that other large businesses need to keep their physical plants running smoothly. <\/p>\n<p>The CEO had one very peculiar idea about how to keep his own house in order: he wanted to have access to every one of his employees\u2019 login credentials.<\/p>\n<p>The chief executive had an Excel spreadsheet sitting right on his desktop with a complete list of all the employee usernames and passwords. Let that sink in for a second. One person had all the keys to the castle in a single, easily accessible file.<\/p>\n<p>In any decent security setup, no one in the company has access to anyone else\u2019s password. Even the head of the IT department should not know another employee\u2019s password. I say this as someone who used to work for a company where the IT department would ask you to DM them your password if you had computer problems.<\/p>\n<p>But this company\u2019s CEO wanted the usernames and passwords for reasons I\u2019m sure any of his employees would appreciate: so he could go into their email accounts! He had an experience where one colleague&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/06\/11\/every-employees-password-was-stored-in-a-single-excel-file\/5253784\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Every employee&#8217;s password was stored in a single Excel file https:\/\/www.theregister.com\/security\/2026\/06\/11\/every-employees-password-was-stored-in-a-single-excel-file\/5253784 Publish Date: 2026-06-11 03:00:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":270600,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/image.theregister.com\/5253807.jpg?imageId=5253807&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-270599","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/270599"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=270599"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/270599\/revisions"}],"predecessor-version":[{"id":270602,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/270599\/revisions\/270602"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/270600"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=270599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=270599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=270599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}