Yup! Corp comm has failed here. Not issuing any additional statement and not communication with the (paying) customers about the (for customers potentially damaging) actions taken. This just erodes the corp image and the customers trust.

Devils Advocate: depending on level of access an attacker has, that info could be used to more carefully hide surreptitious actions.

This would be plain security by obscurity which is the worst kind of security.

I hate that trend in modern services.

They just decide something's wrong with your account but don't tell user what, or why it was decided.

Their fancy schmancy machine learning technique probably can't articulate

In theory it's to reduce information for bad actors, but we know in practice it never really works this way.

Don't send people on a goose chase because you're obscuring details for "security."