The answer is Yes, but you might want to make sure and wait for another commenter to confirm my answer as I am not very confident. Better yet, why don't you contact the Verisign guys because they can answer you better...
My version of osC has a "lost password" function on the login page which will send an existing customer a new password..
If customers who have not used this function are getting "new password" emails - there's something really wrong!.
The email sent to my client..
From: Gill Andrews <email@example.com>.
Subject: Hobbies Plus - New Password.
To: "Doug MacRae" <firstname.lastname@example.org>.
Received: Monday, 15 December, 2008, 4:50 PM.
A new password was requested from 220.127.116.11..
Your new password to 'Hobbies Plus' is:.
Yes, that is the exact text of the osC message contained in.
Unless someone out there has very carefully emulated this message, then the message is coming to your customers from your store..
Are you sure they have not requested a new password? How many customers have experienced this?.
Well it looks like I jumped before asking..
Turns out the customer did request a new password..
Thanks for all your help...
I am getting customers being issued with an email saying that I have issued them with a new password from my site..
Is this normal or is this some sort of hacking going on?..
Sounds very dodgy .. we would need to see the email .. could well be session hijacking...