RSS

Company CEO flooded file share with smut, called for help after he deleted it

Bender1 pts0 comments

Company CEO flooded file share with smut, called for help after he deleted it

Jump to main content

Search

REG AD

Security

Company CEO flooded file share with smut, called for help after he deleted it

Also, missing school iPad resurfaced after coach’s kids uploaded video to YouTube

Avram Piltch

Avram<br>Piltch

US editor

Published<br>thu 28 May 2026 // 08:00 UTC

PWNED Welcome, once again, to PWNED, the weekly column where we cover high-security hijinks that are at least partially the victim’s fault. This week, we have a trio of tales that involve incredibly unprofessional behavior, inappropriate use of corporate resources, and outright theft, all dealt with by IT.<br>Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request.<br>Our trilogy of tech exposure comes courtesy of Zach Lewis, the current CIO and CISO at the University of Health Sciences and Pharmacy in St. Louis. Before his current role, Lewis worked for various other companies in IT roles and he has some tea to spill.

REG AD

At one job, Lewis was working as a sysadmin when the CEO asked for help recovering photos he had accidentally deleted from a company file share. The files were accessible to anyone at the organization, and Lewis searched archived copies in Google Picasa to restore them.

REG AD

Unfortunately, the pictures the CEO was missing included many that were very much NSFW.<br>“So I was called in to sit down with him and look at it. And we're just like I restore everything. We start clicking images to make sure everything's there, just doing a random subset check,” Lewis said. “And, uh, just some pornography comes up and he's sitting right next to me. I mean, right next to me, he's just like, oh yeah, that's just some of my porn.”<br>When he was done restoring the photos, Lewis left the room. It was clear the boss had no shame and no problem with IT seeing his explicit images or with storing them where any employee could download them. They were even mixed in with official photos and family pictures.<br>However, knowing this was bad policy and could probably lead to a lawsuit, Lewis approached human resources and told them about the problem. The HR representative instructed him to delete all the smut from the network, even though it belonged to the big boss. He did that, and fortunately, did not face any repercussions at work for deleting the big man’s cheeky pictures.<br>He wore a top hat<br>In another instance, Lewis was asked to look at a coworker’s computer when the employee thought he had gotten a virus on his laptop. However, the colleague cautioned IT not to look through his files.<br>After a little while, Lewis noticed a folder filled with other subfolders that were festooned with adult images, both of naked women and of the employee himself without clothes on. All of the photos had appropriately descriptive file names too.<br>Perhaps most embarrassing of all for the coworker is that Lewis saw his semi-naked pictures. To be fair, he was dressed in the images, as he was wearing a top hat – but nothing else.

REG AD

The problem, Lewis notes, is that employees treat their work computers as if they are home computers and do not think about the implications of having personal images on something that belongs to a corporation. He suggests setting a firm policy against this kind of thing and educating workers about the policy.<br>When workers inevitably violate the policy, it’s time for a gentle reminder.<br>“A policy is just, you know, paper, right? It's hard to enforce that,” Lewis said. “You can talk to the user in this instance. In this most recent instance with this guy in the top hat, it was ‘hey, these are company resources’ when I gave the computer back to him.”

MORE CONTEXT

To gain root access at this company, all an intruder had to do was ask nicely

The network password was a key plot point in one of the most famous movies of all time

Using the password 'admin123' wasn't as bad as sharing it on Slack

Sticky-note security turned gym into hall of '80s horrors

Kids’ YouTube upload exposed a potential thief<br>In another gig, Lewis worked at a university. When one athletics coach quit, he was supposed to leave his school-issued iPad on his desk. But when the IT department came to collect the equipment, this tablet was missing.<br>No one could find the missing iPad, but a month later, someone uploaded a new video to the school’s YouTube channel. The video featured a different coach's kids and appeared to have been uploaded from his house.<br>Apparently, the other coach had allegedly snatched the iPad off of the first coach’s desk and given it to his kids. The kids then used the iPad to film a funny home video and upload it to YouTube, not realizing that it was connected to the school’s official YouTube account.<br>Lewis notified HR, who called the apparent thief in. At first, he denied that the children in the video were his offspring. However, the HR agent then showed him a...

lewis company file share called after

Related Articles

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini

Agent Memory: An Anatomy

brgsk17 ptsmemory library user agent semantic libraries

SpaceX not the behemoth everyone thought

kaycebasques13 pts_blockquote instagram data vars text media

The Mirror Is Part of the Machine

london_safari10 ptstelemetry mirror decision logs enough time
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.