Full access credentials for a production database shouldn't be readily available in a guide. Most new devs would never need to be explicitly told the credentials as they should just be part of the application's secured connections. All db access can then be locked to the production application server and all dev can be done against dev/test/staging rather than production.
For a company who is so free an easy with the db credentials to their master production database along with untested backups then they are just asking for trouble.
CTO can't have had any idea about what he was doing in managing a tech company.