Just reminds me of an idiot PM we had who after realizing you could do the + thing on Gmail addresses made the devs block it, then didn't understand why qa and anyone else testing using those types of email accounts got mad when no one could get in or create new accounts
Is it bad I couldn't tell if this was going to be that breach, which probably wouldn't have been disclosured if one of their customers hadn't reported it, or a new one?
Amazing how everyone gets so mad at the government providing it instead of only having it because your boss felt gracious enough to not provide the worst possible options for insurance
But don't you dare try and make them disclose that or have any ethics