[fiatpandas]

I also find it really troubling they haven't released a "Here's what we're doing different" blog post in response to the attack. Their only blog post on the matter came a week (2 weeks?) after the intrusion, which they were of course pressured to release after everyone found out via a pastebin IRC transcript... By chance I happened to sign up for my first Linode account the day before that hit HN.

I hope their silence on the aftermath is due to an ongoing investigation with feds, or something, where they can't talk about it yet. Do they think their customers are stupid and will forget the incident?

Imagine if AWS had a security breach of that magnitude. They would release an initial 4000 word blog post in grave technical detail, and then follow up with a 25 page white paper, or whatever.

Oh, and to stay on topic, I tried Linode's 2-factor with Google Authenticator and it works well.

[threeseed]

   Do they think their customers are stupid and will forget the incident?

Yes. They have done it before and people on here still recommend them with a straight face. It honestly confuses me that people care so little about security.

[hkmurakami]

I'm one of those people who have a slight interest in the security but don't know enough about it to be properly informed about my own decisions.

For people like me who basically can't make my own decisions properly, where should I switch to? Is DigitalOcean better in this regard?

[Kudos]

Digital Ocean is largely untested in this regard.

[raverbashing]

And that's the real issue

Two factor auth addresses the user password as being a weak link, and this is a nice step

Oh and btw, yes, the private keys were on the server, with a passphrase