I had a CC problem, and I use it for a very restricted number of online services. Luckily the fraudulent attempt was blocked by the CC company. Linode was not at the top of my list of suspects (there was another company that seemed to be storing passwords in cleartext), but now I'm wondering. This was a couple of months ago though... I wonder if that's the right time frame?