I have just received this email from Drupal.org:<p>---<p>You are receiving this message because private information on your Drupal.org user account may have been exposed<p>Hello milankragujevic,<p>You're receiving this message because some of your PII was unintentionally accessible on the public internet.<p>On 2024-07-02 the new Drupal.org/jsonapi endpoint was launched.<p>Unfortunately the demographic information user field which should have been restricted as private was made publicly available at this API endpoint by an error on our part. It was discovered on 2024-10-15 and resolved within hours.<p>We have no evidence of scraping of this data by any malicious actors.<p>During the time period that this field was mistakenly made public, 17 unique IP addresses made 28 queries to the user API endpoint. Most of those viewed only a single page of 50 user records, while 2 viewed 2 pages, or 100 user records. It is possible that none of the returned records had any data in this private field, but out of an abundance of caution we are notifying any user who might have been affected.<p>A maximum of 1400 users may have been affected by this issue in total, but more likely it was less than 100 users, most of whom had not filled out the demographic field at all.<p>The issue is now resolved, with the information no longer publicly accessible.<p>Your data which may have been exposed included:<p>Demographic information
Which could be associated with any of your public user information from your Drupal.org profile.<p>We sincerely apologize. We take the security and privacy of your data very seriously, and treat your data in accordance with our Terms of Service and Privacy Policy, in compliance with all relevant regulations and ordinances, such as GDPR.<p>If you choose to, you can delete the information in the Demographic field on your Drupal.org profile by editing your account on Drupal.org. You can also remove your account from Drupal.org at any time, by following the instructions in our documentation.<p>Best Regards,<p>The Drupal Association Engineering Team<p>---<p>The "Demographic information" that the refer to, in the email, is described here: https://www.drupal.org/drupalorg/docs/user-accounts/demographic-information and includes: Ability, Age, Ethnicity, Gender, Gender identity, Race, Religion, Sexual orientation, Socio-economic status/class, Learning differences, Family composition