Received this mail:
Dear Humio user,
On Monday, November 4th, we became aware that an authenticated user of cloud.humio.com could use an API call to retrieve a full list of cloud.humio.com users, including names and email addresses. No other information was exposed.
You are receiving this email because your name and email could have been exposed.
We only know of a single incident where someone unintentionally accessed this information. They immediately reported this to us (thank you!). However, we can’t definitively identify whether any other users accessed and stored this data. If you retrieved any user names or email addresses, we kindly request that you delete them.
The issue was fixed the same day that it was reported.
We are truly sorry this happened. We take security very seriously, and our team is reviewing the factors that permitted this to occur. We are not aware of any other possible attack vectors, but are continuing to work with internal and external security experts to maintain the system’s privacy and security.
If you have any questions about this incident, please contact me directly at email@example.com.
Kresten Krab Thorup
CTO and DPO
Dyssen 1 8200 Aarhus Denmark
Please keep User Voice for suggested features. If you have access to a data breach you’d like to submit, get in contact with me here: https://www.troyhunt.com/contact/