I left one job to switch to another. A year later, my new job started using a cloud-based task management app. When I went to sign in, my 1Password auto-filled the credentials I'd used for the same app at my previous job, and there I was looking at all of my old employer's current projects and other confidential info. I called my old boss (who I got along with just fine), told him what happened, and asked him to please cut off my access immediately.
When you leave a job, it's in your own best interest to make sure that all of your access is removed. It's a lot harder for them to blame unexpected happenings on you if you can't even log into the thing. (Not that this happened here. I just wanted to point out a gotcha you might not have thought about.)
If you find out that they missed something, report it to them immediately and keep that paper trail demonstrating your good intentions toward them. Then hound them about it until they get around to fixing the situation. And for the love of God, don't ever, EVER log in "just to look around". Absolutely no good can come of that.
You come up with a plausible story, possibly involving an automated password manager, and post it in a public forum where you mention that you have documented all the events and your honest behavior in the matter.
I think they meant ‘don’t log in, discover you have access, then browse and take no further action’. You can try to log in, you just need to inform someone immediately if you have access when you shouldn’t. That’s my take anyway.
That's what to do when it happens accidentally. It would also make sense to do so immediately after you left. They already made sure that you left behind all relevant keys, documents, and your work computer. It would be natural and in both parties' interest to ensure that all other credentials have been revoked as well in time.
You're right - I guess in that case it would be wise to ask your previous employer to provide proof that you're no longer able to access anything, and no longer liable. Many wouldn't offer that, but I'm not sure how else you could navigate that.
I think the common sense approach would dictate that a persons motive would need to have been shown to be nefarious for criminal proceedings to have any chance. Ie. Intent. Without intent, I struggle to see any court move with this, but I'm no lawyer - just an engineer!
When you leave a job, it's in your own best interest to make sure that all of your access is removed. It's a lot harder for them to blame unexpected happenings on you if you can't even log into the thing. (Not that this happened here. I just wanted to point out a gotcha you might not have thought about.)
If you find out that they missed something, report it to them immediately and keep that paper trail demonstrating your good intentions toward them. Then hound them about it until they get around to fixing the situation. And for the love of God, don't ever, EVER log in "just to look around". Absolutely no good can come of that.