Dear Client,

I'm very sorry about a recent error that caused your password to be leaked. It has automatically been changed, and your new password is below. If you would like to choose a new account password, you can do so once you are logged in. For maximum security, it is recommended you also change your username and use a secure password that is quite different from your previous password.

User: Artyom2040
Pass: ******** =Р
Old: *******
Login: http://my.ismywebsite.com/

Detailed error follows:
Our forgot password system was designed to search for all users under a specific email address which would be entered. As a measure against this error, it made sure the data was not blank. Then, as a measure against any SQL injection attacks, quotes and other symbols were remove from the input.

It simply did a search for all accounts with email addresses or usernames that matched, and returned the password or each to the email address mentioned. When we entered "'" to test the SQL injection protection code, first it tested to make sure the data was not empty. (It wasn't.) Then it removed the quotes, leaving the data empty. Since your account had no second email address, the email address made a match and it was included in the list. You received the passwords to all 'your accounts'.

All affected passwords have been changed at this time, to prevent any further problems. If you have any questions regarding this error, please do not hesitate to ask by replying to this message.

=====================================
Признали таки свою ошибку >=)