
I'm a contract worker and oftentimes a company first onboards me to Slack, then sends me a bunch of login information in plain text after opening an internal ticket to add me to various systems.


Oof, that sounds bad.

My current company has an internal ‘secret sharing’ tool kind of like Pastebin (but encrypted, one-time open links, etc.) for one-off sharing of things like that. For all other creds we use Vault heavily.

PII, passwords, things like that are NEVER to go over Teams or email.


If these are temp passwords that get changed on first login and expire, maybe it's not so bad. If it is a normal password, though, yes, that is pretty bad.



