Your team is investigating irregular traffic patterns on your network. After correlating data from different log sources, a series of successful logins is flagged on various systems, all coming from a single internal user account during off-hours over the past month. However, the account's owner has confirmed they did not access the systems during those times. Which of the following is the most likely explanation for these findings?
Use of stolen credentials due to a compromised account
Scheduled tasks are incorrectly using the user's credentials
Outdated log information that hasn't been cleared
Legitimate remote work by the user that they failed to recall