Originally Posted by
varkey
Why reset BA password if SITA didn't store BA password in the first place?
Because of fear over poor password practices.
As I understand it, they've got hold of the email addresses used by people's BA accounts.
Now, many people practice poor password hygiene, that is they will register with every site as e.g.
[email protected] / Password123
or whatever. Now there is no leak of the BA password here, but if miscreants can match up that email address that they do have to a password from *another* leak (e.g. from a site that may not even know it has been compromised) then together they have access to the BA account.
Yes, it's a pain for people who do manage passwords correctly, but they seem to have opted to inconvenience them to avoid problems with people who follow the poorer practices above