[kbenson]

Do me it reads as if he was fast and loose with something, and didn't really care whether it affected other systems, but didn't intentionally seek to damage systems. That sounds like it would be a hard situation to have happen, but there's so little real info it's hard to tell.

Was it a script on a personal machine he had that was connecting to an old account he didn't thing would work? They say "deployed code", and that can be frightening easy to do in a cloud centric workflow (and if it's old code, who knows what would happen).

Something like that would also explain is current employers reticence to fire him. A mistake where you run something you don't imagine will even work, much less cause major problems that then does so because your prior employer forgot to remove credentials is something that might be looked on with a bit more understanding (and a lot of schadenfreude about he other company's lax controls causing them major problems).