It's good that Linode is taking security seriously, but the pessimist in me wonders; if all it takes to get a password reset site-wide is an attack on a single user, wouldn't that open up a whole new, rather aggravating attack aimed solely at making users fed up with having their password reset all the time?
I'm not sure I'd describe Linode's security stance as 'serious.'
Last I knew, they were running a seriously deprecated OS version for their hosts, and their configuration management systems left a lot to be desired in terms of security.
Perhaps more worrying is how opaque they are about everything. Nevermind the security issues, they won't even provide explanations for 'normal' service outages.
> It's good that Linode is taking security seriously
From what it seems, the only thing they take seriously is responding to incidents like these and letting customers know. If they were actually serious about security, these things wouldn't be happening. It was almost over a year ago since the last event.
