Hi! The information stated in the community notes is false and misleading.
To be transparent about it this is what happened:
The malicious attack affected our public database tables, where user profile information (emails, username) was exposed.
No passwords were compromised — authentication credentials are managed entirely by our infrastructure provider in a separate, protected system that was not affected.
We do not store passwords, third party credentials (discord login), payment card details, phone numbers, or addresses in our database. Financial transactions are handled by Stripe.
We wish to clarify it to stop the spread of false information.
We are working on it to do better next time and we are sorry about it.
Quote
Kippu
@kippuvip
We are delaying our launch.
We're aware of all the concerns that have been brought up since our launch. We issued reimbursements for all our users and all accounts information was deleted from our systems. We've emailed all users with a full breakdown of our decision and the
Readers added context
That’s false. The whole database got compromised, and people’s emails, names, phone numbers, and addresses were exposed.
x.com/hsp4m/status/2…
Readers added context they thought people might want to know
Again the company is lying.
There was no hacker attack. The confidential data from the database was accessed via public endpoint /get.
Users who showed the leak were careful to blur the confidential data to preserve it.
x.com/hsp4m/status/2…