The FBI is investigating the St Louis Cardinals for a hack of the Houston Astros.
The Cardinals reviewed a “master list of passwords” to access the Houston prospect database. A former employee of the Cardinals now worked for Houston in setting up this system. The FBI tracked the unauthorized login to the home of Cardinals team officials.
source – NY Times. (if the link is paywalled, do a search on google to find the article or add a google refer to your request.)
This illustrates why password reuse is a problem. Additionally if passwords were routinely changed, even with an admin using the same password initially, they would be forced to change it to something else. One does wonder about this “master list of passwords”. I’m guessing these were service or admin account passwords rather than the organization knowing individual user passwords. At least I hope so.