While it won't help this leak as it used an employee login, they might want to rethink this approach
For the DevOps August Meetup there is a slight hint of Sage in the air.....
Mike Goodwin will explain “why we have not patched a server in two years but are not worried about it”
David Darwent will then discuss a "framework from monitoring in a DevOps world"
http://www.meetup.com/DevOpsNorthEast/events/232248313/