[smeagol]

ryan's info is public. he put it on our feedback forum. i wanted to make sure everyone was aware of his public info since we (as well as others) were very concerned with his course of action and questionable statement "Still managed to get a few dozen AWS keys though."

i'm not sure why thanking him is in order... ?

5 people emailed me privately about the security issue. we fixed it promptly, and followed up with instructions to everyone exposed (~20) on how to protect their credentials. i haven't yet heard a complaint from our actual users.

[bdcravens]

Great example of why building an app != a startup. You should email all users, and post a public apology on your site or blog.

[mittermayr]

you and i know that saying "~20" is a random number since you had nothing in place to track it. i'd love to hear how you know it's 20. seriously. tell us.

[aw3c2]

Could be http server access logs but if I made glaring mistakes like that I surely would not trust my own server logs anymore.

[whyleyc]

Stop digging yourself into to a hole and just apologise to Ryan and your users like you should have done to begin with.