I have no insight into why it’s being done in this instance, but object storage is typically used when you want to move away from storing things on your web server with “fixed” storage, and instead store it in an “infinitely” expandable storage system. It is also much easier to manage when you have multiple servers as it’s separate and shared.

Just to add to this.

This is because the authentication tokens that your browser uses are stored in cookies, these match up with entries in the database.

As a way to mitigate the hack, admins deleted the entries in the database rendering the tokens in cookies useless.

This means that any tokens the hacker got access to are also useless.