Incident report for June 22
On June 22nd, we got notified by Lunchcat that users' email addresses and names could be accessed through our API.
We have addressed the issue and revised our security policy accordingly.
We deeply apologize for any impact this incident may have had on our users. Our commitment to transparency and prevention remains steadfast. Below is a summary of what occurred, how we resolved the issue, and the measures we are implementing to prevent future occurrences.
Incident timeline
- On June 22nd, at 3:01 PM, we got notified about the issue.
- On June 22nd, at 3:44 PM, we identified the issue.
- On June 22nd, at 3:49 PM, we resolved the issue.
How this affects you
No user action is required to continue safely.
Accessed: User email and name.
Actions and remediations
These are the preventative measures that we have already taken:
- Fixed our misconfigured access policy
These are the preventative measures that we will be taking immediately:
- Improving monitoring and alerting
Conclusion
We sincerely apologize to everyone affected by this incident, and we appreciate your understanding.
Please reach out to us at [email protected] if you have any questions.