We would like to apologize for the incident that took place on Wednesday January 17, 2024.
On that date we released a new version of Furkot, which had a bug in implementation of the Keep me signed in option.
In consequence the content of the planned trips and the account details of 22 Furkot users were shown to a small number of different Furkot users. The exposed data included the usernames and emails but not passwords. Data of each affected user were available for a brief period of time (minutes to tens of minutes) and each had been seen only by a small number of other users. We estimate that between 1 and 3 people had seen the data per each affected user and it's unlikely that a person had seen data of more than one affected user.
The data have been exposed between 7am GMT (6pm AEDT, 8am CET, 2am EST, 11pm PST) and 2:30pm GMT (1:30am AEDT, 3:30pmCET, 9am EST, 6am PST). The passwords were not exposed and no access to any account was gained beyond that timeframe. There is no need to change your password in Furkot or any other service for the affected users.
After discovering the problem we rolled back the faulty Furkot release and invalidated affected credentials thus removing the possibility of further exposing the data that has already been seen.
We will be contacting all the affected users individually notifying them about the incident.
If you have any questions and concerns please contact us at firstname.lastname@example.org
1. Was I my trip info shown to others?
If you do not use
Keep me signed in option you are not affected by this incident.
2. Do I need to change my password?
No. Neither your password, nor the derived password hash was compromised in the incident. There is no need to change your password. As always we do recommend that you use a password manager to facilitate creating and maintaining unique and hard to guess passwords.