I am a bit shocked, that they want to keep old passwords.
Imagine some hacker gains access to a username - password list. But leeks it a half year later (yes that had happened).
Since you never changed the password every buyer has access to your account.
But, if you would have changed your password, even a minor change, the attackers will ignore your account since they have (usually) a lot of other accounts to try. And why brother with the ones that doesn't work?<p>Password changing gives an advantage even if it's just a minor change. Keep that in mind.