My somewhat educated conspiracy theory is that companies do this when they know their user data has been stolen, but they don’t want to go public with the breach.
Just quietly invalidate everyone’s password so everyone is forced to update them, making the stolen data useless.
This happened to me recently; it was actually a password policy change. My old password didn’t have all the required types of characters.
So it was saved in plaintext?
Your own fault for not encrypting it before you type it in 🧠
Not a conspiracy. Sysadmins have admitted to doing this all over the internet.