[dpwm]

And fundamentally he did the most important thing: told them about it. They seem to have got the message that they needed to shut this thing down ASAP. It seems highly unlikely from the nature of the alleged negligence that they found this unauthorized access for themselves in the way they give the impression of.

The reddit post has been edited recently and takes away most of the content, but from the emails it definitely looks as if their "compliance team" is trying to scare.

My own personal experience having received many very scary letters is that it tends to be the ones that look the most terrifying that turn out to be the least to be feared, but there are definitely exceptions to this.

In any case, their message to the victims of their alleged negligence states that there was no malicious intent and should make any civil consequences rather difficult.