Dear Sunrise User,
We have been informed that our database provider (MongoHQ) has experienced a security breach. In handling security incidents, our priorities are to make sure your data is safe, eliminate the control failures that allowed the breach to occur, and to report the incident accurately to our customers.
Here is what it means for you:
- Your Google, Facebook and Twitter data are safe. We’ve refreshed the identification key that allows our servers to communicate with your connected accounts, which means any data that could have been taken by a malicious party is useless before or after the incident.
- Your LinkedIn, Foursquare and Producteev data are safe. You’ll just have to reconnect those services to Sunrise, as they don’t offer the same security control as Google, Facebook or Twitter.
- If you chose the “Email” option to signup to Sunrise: your Sunrise email and password are also safe. We encrypt them in our database using the industry standard algorithm (bcrypt).
- If you connected an iCloud calendar to Sunrise, even though we don’t store any credentials, the security breach may have put some of your calendar data at risk. As a precautionary measure, we recommend that you change your iCloud password and reconnect it to Sunrise: simply click here and then click on “Reset your password” to do it.
- As one of the many precautional measures we are taking, we will be logging every Sunrise user out of the app. Simply log back in using the “I’m Already a Sunrise User” button and choosing one of the options that you had previously connected to your account.
- Just to be clear, none of the data affected by this incident has any access to your credit card or banking information.
If you run into any trouble or if you have any questions, please email us at firstname.lastname@example.org. We are here to help.
We are incredibly sorry that this happened. Your security is very important to us, and once we were aware of the issue we took immediate steps to protect you and maintain your trust.
CEO at Sunrise