We recently received new information regarding our 2015 security incident which is relevant to Linode customers who activated their account before 2016.
As detailed in our January 2016 blog post, we reset passwords for all users at that time after investigating unauthorized access to some customer accounts. This new information confirms the scope of database access included customer contact information, email addresses, Linode metadata, and, for about 200 Managed customers, encrypted credentials. We’ll be notifying affected Managed customers directly.
We want to remind everyone to maintain best password practices; use a password manager, create strong passwords, do not reuse them across services, and secure your accounts with two-factor authentication.
It is also important to be diligent against phishing emails. Linode will never ask customers to submit any personal information over unsecured channels, such as online messengers, social media, or other third-party platforms. If you receive an email that appears to be from Linode and looks suspicious, you can forward it to firstname.lastname@example.org or contact Customer Support to verify its authenticity.