OpenID triggerred suspicious activity alert and locked user out
We use Yahoo OpenID to verify the identity of customers. Today a customer of ours who had never used our service before logged in and used Yahoo OpenID to verify their account. Everything worked smoothly, but when the user returned to their Yahoo Mail account they were no longer able to send e-mails and received a 'suspicious activity' warning... The user was able to correct the problem by changing their password and logging out and logging in again. The only connection the user could make was that they logged in using Yahoo OpenID to our service.
What could have caused this issue? We only use the federated login, we don't call any Yahoo APIs or request any other information. All we need is to be able to trust that the person is who they say they are. Is this what could have triggered the issue?