DEV Community

Discussion on: What are the worst security practices you've ever witnessed?

shushugah

Shared test accounts that can access CI deployments and even deploy, without any clarity of who has access to such accounts.

shushugah • Edited

Thing is internal/former employees can do a lot of damage if they are determined to, such as sharing trade secrets. Criminal liability and practical inconvenience are bigger reasons most employees don't, rather than any deep security measure.

The threat model looks different for larger companies, or across different jurisdictions.

Ben Halpern

That actually reminds me of an early Facebook anecdote I don't entirely recall the details of, but it was something like: there was an admin-level master password they passed around, and they had no idea who had the password.

Basically early on, the site data was entirely 100% non-secure and they were relying on the hope that the password never truly leaked.

I think I read that in The Facebook Effect book years ago. It doesn't exactly seem out of character based on everything else we now know about the org.