Re: Quite an understandable mistake - except for the CEO
I was once responsible for some of the networking in the (academic) organisation where I worked.
We had BT's X.25 PSS service connected to one of our DEC VAX systems. Someone tried to 'hack in' and seeing it reported I made a quick 'in retaliation' connection to their server... There were a few well-known system s accounts on VAX, with default passwords. I logged in on the first attempt because they had not altered theirs (just lucky for me it was a VAX).
After noting they had a dozen or more systems, with names suggesting they were spread widely across Europe, I managed to find a mail list for the board members. I left a task in the queue to run a few weeks later, middle of the working day, middle of the week, telling them their security was poor if they still had default passwords on privileged accounts.
I have no way to know if it ran, and I probably wouldn't do it nowadays, but it seemed sensible to at least warn a few of the decision makers, hopefully in different countries, there was a security issue, possibly on more than 1 of their systems.