Sonic.net

On 2019-08-08 (Thursday) I received an E-Mail with the subject "Your Sonic.net account password has been changed". Ordinarily this would be fine if I changed the mailbox password myself. However, I did not change the password, nor did I give anyone permission to do so on my behalf. Thinking that this might me at best spam, at worse a breach of security or policy, I checked the headers and the E-Mail appears to have been sent from Sonic.

Called Tech Support the same day and they confirmed that the E-Mail was legitimate and that the password was indeed changed. Tech Support could not provide me the new password, nor could they explain a reason for the change. After checking I was told that the person that changed the password had left early for the day and that I would receive an E-Mail on Friday with the new password and an explanation.

It is now Monday evening and I have received nothing from Sonic regarding this matter, further making an already poorly handled situation worse. Sure I could change the password again, but that's completely besides the point.

Sonic, after you change someones password without their permission, don't you think it might be a good idea to let them know the new password and tell them why you made the change?

Hi there,

Sorry nobody has responded to you by now. In this particular case, your password was changed for the following reasons:

• Your password was more than ten years old, and hashed using an insecure algorithm.
• You have not logged in within the past year, which would have triggered an automatic rehash of your password to a current standard.

I should also point out that Sonic will never send you a password via email. You can reset your password by visiting Member Tools at https://members.sonic.net and clicking the link for "Forgot your password" at the bottom.

Again, I apologize that you did not hear back from us before now and for the misunderstanding about how your password was going to be made available to you.