A couple of years ago LinkedIn decided they might have a security problem (iirc it was around the time the Gawker passwords were breached, and everyone was running around like headless chickens).
Instead of saying something like, "Your account might be vulnerable, so we're forcing you to change your password" and shunting people to a password change page, they handled it by - turning off access to a pile of accounts, with no indication why (nor any answer to emails requesting info on why) - after 24 hours, turning access back on but forcing people to change their passwords, with no indication why (simply a "here's our change-your-password page, change it now") - after about 48 hours, sending email to people saying, "Gee, we had to do that, your password might have been compromised." This time they may have said something up front [because the breach is definite and on their server(s)], but I - well, I would be very cautious.
_______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
