this kinda thing happens quite alot - i used to work for the largest telecommunications company in the Uk where I did credit managment - this give me access to XDirectory phone numbers, bank account details, debit card details, addresses of every residential customer that used the company. There were checks in place to ensure that you couldn't just wander in and out of peoples accounts but these checks were only for the advisors obviously managers being in a trusted postion had free access.
But on more than one occasion I needed more access than my acount would allow (I also helped out with installing new software/general tech stuff as well) so instead of the manager loging in for me and then wiating while i did what needed to be done he would simply note down his user/pass on a post-it and give it to me - this account give me full access to al systems including those of the Royal Family and Goverment officials - heck I could have refunded myself out a couple of thousand pounds to my account if i had wished.
Luckily for himI aint that kind of person but it is these lax security measures that are a sys admins greatest threat not "hackers"

v_Ln