
rograndom | 2 years ago

Many, many years ago I was at a company where a manager (M1) wanted full root access to all of the internal servers (mostly file/web servers, router/firewall and the mail server). It's lost to the sands of time as to why, but he was persistent.

There was quite a bit of back and forth between the team that managed the servers, the owners of the company and M1. After a few weeks M1 was finally given access. Within a couple of days he brought a complaint against another manager (M2) that M2 had hijacked M1's personal email and was storing it on one of the internal servers.

Meetings were held into the night to discuss what should be done. M2 was called in, credentials revoked and they were placed on leave while an investigation could take place. Overnight every single server was compromised and no one could get into anything.

M2 brought in a lawyer, the company brought in a lawyer and all of management and most of the employees were sat down in a room to figure out what to do about this mess.

Turns out M1 had re-used the same "password", which was a single lowercase English word, on EVERYTHING. His personal email, any account on any service maintained by the company and had changed his secure password on the superuser accounts he had just been given to the same one.

There was a literal paper trail of M1 providing this password to the majority of the people in the company. Provided in printed memos asking to have accounts set up, emails asking to have accounts set up, other people having it on the standard sticky note on monitors, M1 saying "and make the password..." in the common workspace for anyone to overhear, etc etc.

Of course, one of the servers had SSH open for remote access... and you can see where this is going.

Expensive forensics team was brought in, servers recovered, and it was determined that M1's account on the SSH server was targeted by automated logins not too long after he was added to the company's website.

M2 is cleared and brought back, M1 had their role decreased and was gone not soon after.
