
No. They don't care if customers get pwnd. They care if customers become aware of exactly how they got pwnd and launch a class action. It's shitty but entirely predictable behavior common in these situations.



Well you’re right that it’s not their job to represent customers. Their client is the company.

But telling your client to sweep something like this under the rug isn’t exactly great advice.


But rotating credentials would not hurt or help that alleged goal of hiding the truth from customers...


“force rotation of all customer credentials” = make customers change their passwords, which is a huge red flag that would draw attention to why they were forcing that.


GitHub just recently logged out all users because they had a bug that could leak other account data into sessions. They were very transparent about why they did that, what happened, and I for one trust them more for it.


But for GitHub it was mostly a preventative measure, while for Ubiquiti, regardless of how transparent they were, it would look really bad.

Of course it looks even worse now that we know they didn't do anything to help customers.



