I am a moderator on a motorcycle forum. the host of that forum also hosts 1,198 other forums.
their host database was hacked and passwords stolen like a year or two ago????
then along comes a security alert from xyz security service, and OMG the
IT folks go into a Super Panic Mode!!!
What ever will we do to be safe????? Let's close it all down, right now, yeah, that is the thing to do....
So, instead of putting up a notice on the forums for all of us to change our passwords while we could still access the forums, they decided instead to do two things:
1. they deleted every password on the entire host database..... several million users were instantly shut down....
okay, lots of folks have not updated their email addresses in years, even if they could remember what their password was.....
2. they set the forums up, yes, all 1, 199 forums to send out emails to all of the members "right now".....
This caused a huge flood of emails to email servers and they all decided that a DNS block was in effect, so they just shut down all email messages from the forums.... period!
step #1 blocked me and all other moderators from being able to get on the forums and start Damage Control. I was locked out for 5 days.....
step #1 has a backup plan to send you a new Password if you requested the forum to do so. Well, all of the email servers had put a block on our forum emails.... so, none of us ever received that new password email update, and that is assuming that your current email is the same that the forum has.
Step #2 was also a disaster, as most of our members could not even remember what email address they had used, much less what the password was that their browsers were "remembering" for them...
that nightmare is still having bad side effects, and it happened 5 months ago, maybe 6??
I have posted up my personal phone number in the "Bad Password" message, and I still get 3 to 5 calls a day to help folks repair their passwords.... that was the only way I could fix the mess created by a very bad decision.
IMO, just blanking out all passwords is the worst thing that can happen to a healthy forum. My forum has not recovered the activity that it enjoyed just 7 or 8 months ago... it is just a thin shell of its' former self.
.once you piss folks off that badly, they never come back.
Much better to just post up a notice: "Please change your password"