Mostly just a small-ish info dump in the event it helps anyone. All flash and nand media can self-wipe if not used for a couple of years (though nand can last longer but may start to slow down to SATA and slower). Even if in an active PC, the parts that are only read but not written this can happen. Learned that from some episodes of “Security Now” podcast and personally saw it happen with a PC I was trying to fix for someone. On the show one of the hosts has a commercal program called “SpinRite” that was made to help with HDDs that have non-moter/actuator issues revive sectors.
Some testers using it found that it also helps with nand that has drastically slowed down from reading spots that never really get writes come back to normal speeds. In my case, I tried it on the PC I was working on and it really did help (the OS was already borked so it wasn’t going to hurt trying it out) with it loading much faster. Obviously the cheaper the flash/nand the faster issues will happen.
I have seen some random motherboards offer basically a pre-erase on SSDs that are acting slow before you re-install the OS to make sure a more complete flipping of cells happens and not just a basic formatting that just zeros the first parts of data and leaves the other cells alone. In that case the data/OS isn’t the focus and wouldn’t need a special paid software (I am only aware of SpinRite just because of the podcast and bought it to support the host that makes it). I am not sure of any free/FOSS software that does the same full drive cell flips, but I imagine there are some (or will be as flash/nand is used more and more).
Main take away is that it is important to make sure to not just let flash drives/SD/nand drives sit without at least hooking up to a PC every now and then. My PS Vita fell victim to just sitting around dead for a few years along with the Vita card I had in it. Fortunately the ROM with the OS is still working and I was able to at least set it up again.
I wonder if it was more like folks putting stuff together to just work (likely with demands of it getting done really quick). But then the folks that got it implemented forgot to change the default/placeholder stuff (at least for the passwords). Just like how basically all routers used to have the same log-ins that never got changed by the end-users because it “just worked” out of the box (even if the labels and setup clearly said to change them first thing). I really hate how companies of all sizes seem to think of IT/sec as something that is just a drain on money that could be used for making profits look better.