Might be something so mundane as forgetting to clear his history on the company laptop (or they restored it - they mention computer forensics a few times).
If your browser does't encrypt your cookies, they sitting on the disk unencrypted at rest, easily read right of the filesystem. You could then use those cookies to gain access to the respective sites/services/accounts they're tied to.