Originally Posted by woj

After taking a moment to analyze the "evidence", I concluded there are 2 possible logical explanations to all this:

1. They are telling the truth (there were some database problems)

The database got corrupted, stuff like that happens. Normally what happens in a situation like that everyone panics for a min, then someone in the group realizes, "Wait a min, don't we have a backup from last night?" Database gets restored, missing data since the backup is recovered from the log files. End result: Everything is back to normal. However, everything was not back to normal, everything got recovered except the passwords. Also, it's worth noting, that certain accounts were not effected at all by this "database problem." I don't see any logical explanation for that under this scenario.


2. There was a hacking attempt (which may or may not have been successful)

Hacking attempt was detected and narrowed down to certain accounts. For example, brute force attack was detected, and a list of accounts with failed logins in the past 24 hours was compiled. As a precaution, passwords to effected accounts were changed to minimize possible damage. This explains why only certain accounts were effected.


I guess there are also other possible explanations, like programmer error for example. Programmer was doing work on the database, and accidently wiped out half the passwords. But in my opinion they would all fall into "1" category, database corruption that can be easilly recovered.