"The whole team uses the same login, it’s just easier that way."
COMPANY
Sector: Marketing & Communications
Size: 10 employees
Location: Brussels
FACTS & FIGURES
10 out of 10 users were affected
Protection efforts: None
Business impact: Client trust breached, loss of key contracts
STORY
At this small marketing agency in Brussels, every employee used the same password to access social media accounts, Google Drive, and client folders.
This meant interns, contractors, and even former staff could log in with the exact same credentials as management. When a disgruntled ex-intern leaked campaign files to social media, there was no way to control access—or to know who had done what.
INCIDENT OVERVIEW
Efficiency doesn’t always mean security. Sharing one login for everything felt quick and simple, but it also meant that no actions could be traced back to an individual.
When a phishing email led to unauthorized access, the consequences were serious: stolen files, leaked campaigns, and angry clients. The only thing shared more widely than the password was the blame.
BUSINESS IMPACT
Exposure of sensitive client materials
Damage to reputation and loss of contracts
No accountability or traceability of employee actions
SECURITY MEASURES
Below is some advice to mitigate risks and strengthen security practices:
Give each employee a unique user account
Enable activity logs and access history
Use a password manager for secure sharing
Immediately change passwords when someone leaves the company