😡 The angry ex-employee

Broken authentication

It's 2 AM and you get a Slack notification that someone just downloaded your entire customer database.

The API logs show it was Marcus's old development key - but Marcus left the company three months ago.

You realise with horror that nobody revoked his access when he was let go.

The download includes customer emails, phone numbers, contract values, and confidential project details.

Technical Issue: API keys were never revoked when Marcus left. Your system has no expiration dates on keys and no process for regular access reviews. Old credentials remain active indefinitely.

What's your immediate first move?

Immediately revoke all of Marcus's API access

Cut off his access and see what data was taken

Check what other access Marcus still has

Audit all his accounts across different systems

Try to contact Marcus directly

Reach out to understand his intentions and ask him to delete the data

Monitor his activity to understand the scope

Watch what he's accessing before taking action

← Select different scenario