Some things never change.
I once broke into a remote system by causing the login to abort. Which dropped me onto the top level directory. Which had one file. Which contained the admin password.
I added a second file, suggesting they remove the first file and disable interupts in their login program.
That was in 1981.
The software has gotten more sophisticated, but the humans make the same errors.
https://www.theregister.com/2025/09/15/ransomware_recovery_codes_plaintext/