He was a system admin. So he reset their password and then logged in as them.
The system wasn’t smart enough to catch him, or report the event, or raise any other flags.
Piss poor security.
The system still worked as designed. The human element is what failed.
SkyNet 2.7 will fix this problem.