[citricsquid]

> So if the portal doesn't have access to Linode Manager

They didn't say that, they said it doesn't have access to the passwords. They have an interface to change details, they just can't read them. So they can reset your password to "hunter2" but they can't see if it's "hunter2".

[glfomfn]

You are right, my bad on that. Still this looks like a Public relations post by them than giving out facts. They should be explaining what the attacker could do by gaining access on that interface, the ability of the attacker to change the password has the same consequences.

The point is that exploited interface had a backdoor access to the virtual machines (to be able to change passwords or w/e)

[nknight]

I understand how this might be confusing to a third party, but Linode's response thus far makes perfect sense to those of us who have been customers for a while. We're pretty aware of the general parameters of Linode's internal systems.