I installed WordPress locally on a host server. When I activated the Akismet plugin, the link took me to the Akismet site. The site asked to sign up to get the API key. I did and got the key. It worked.
I later went to WordPress.com and there was an account already made for my email address with a login and password. I didn’t create it, and I didn’t know the password. Is that a security breach since the API key is suppose to be secret?
Does WordPress and Akismet have some kind of agreement to create accounts without the user knowing?