On June 22nd, we got notified by Lunchcat that users' email addresses and names could be accessed through our API.

We have addressed the issue and revised our security policy accordingly.

We deeply apologize for any impact this incident may have had on our users. Our commitment to transparency and prevention remains steadfast. Below is a summary of what occurred, how we resolved the issue, and the measures we are implementing to prevent future occurrences.

Incident timeline

• On June 22nd, at 3:01 PM, we got notified about the issue.
• On June 22nd, at 3:44 PM, we identified the issue.
• On June 22nd, at 3:49 PM, we resolved the issue.

How this affects you

No user action is required to continue safely.
Accessed: User email and name.

Actions and remediations

These are the preventative measures that we have already taken:

• Fixed our misconfigured access policy

These are the preventative measures that we will be taking immediately:

• Improving monitoring and alerting

Conclusion

We sincerely apologize to everyone affected by this incident, and we appreciate your understanding.

Please reach out to us at support@midday.ai if you have any questions.