On, November 21st, 2015, a MassRoots user notified our team that certain sensitive information was accessible for certain user accounts when loading the main feeds and profiles.
What information was involved?
The information which was temporarily accessible for certain accounts included a combination of the email address associated with the account, the location in which the user originally registered for the account, and, in rare cases, a voluntary phone number provided by the user. There is nothing that leads us to believe that your personal information was or will be misused in any way.
What we are doing.
Upon learning about the incident, we immediately took steps to resolve the incident and prevent further exposure. On December 7th, 2015, we released a fix that stripped location information. Shortly thereafter, we released a fix that stripped any email addresses or phone numbers from being returned with any public API call.
Additionally, on May 16th, 2016, we migrated to an entirely new backend with a new data architecture and significant improvements to security.
What you can do.
Please notify [email protected] if you believe your information may have been used maliciously. We will immediately investigate any evidence of your personal information being used maliciously. While we have no reason to believe that it has and will work to resolve any issues ASAP.
Additionally, we encourage our community to reach out directly with any issues. Security concerns can be directed to [email protected]. Any other concerns, issues, and bug reports can be sent directly to [email protected].