https://blog.chef.io/2019/09/23/an-important-update-from-che...
That should have been Chef's only response, really. (That, and they still need to explain how a former developer somehow managed to break something.)
That's some horrendous infosec. Why would ICE or anyone use this? Can't Chef use, err, Chef or something like that to remove all credentials as soon as employees leave the organization?