This happened to me with “Dropbox” a couple times this year. I’d get an email warning me my credit card info needed updating or was about to expire. I’d log into Dropbox via browser and there would be no warning of any sort. I think I updated my info anyway, and I let them know I thought someone was trying to use them to phish people, but they totally didn’t care. Maybe they can’t do anything about it anyway?