I work at a company that develops and hosts a small business critical system. We have an "Elastic cloud server" from a professional hosting provider.
I recently got an email from them saying that they've had some problems with their backup solution and that they needed to install a new kernel.
And they wanted us to send them the root password so they could do this work.
I know that the email came from them. It's not
[email protected] or anything like that.
I called them and asked them about this, and they were like "yep, we need the password to do this".
It just seems odd to send the root password over email like this. Do I have any reason to be concerned?