My password was rejected on desktop and mobile website beginning Thursday night, despite being correct. Eventually I was locked out. I could still access my account via the app, which uses fingerprint for login. I didn't see any unauthorized access, so I reached out via Twitter to see if login could be reset without changing my password and was told that it would do so automatically after 24 hours from the initial lockout. It didn't. (The copy/paste reply also suggested that I had forgot my password, which was annoying.) Then I received the email referenced above, so I reset my password. Still no unauthorized access, but it does appear that this was either a breach or some kind of larger glitch. In further texts with the Twitter rep I suggested Southwest consider two-factor authentication, and was told that, no promises but they're looking into it -- for what that's worth.