this might be the best example of how to address a security leak from any team i’ve seen dealing with similar circumstances.

direct, thorough explanation, and going above and beyond to help affected users.