3commas has apparently had another security incident
I've just received the email from 3commas:
Dear 3Commas Users,
We are writing to inform you about a recent incident that has come to our attention concerning the security of your 3Commas accounts.
What Happened?
We have received reports from a few customers regarding unauthorized trades on their accounts shortly after their account passwords had been reset. We took swift action to address the situation, including implementing additional security measures and initiating an internal investigation.
Based on our investigation, our current understanding is that a security incident took place, which presumably resulted in unauthorized access to customer account data. Fortunately, to the best of our current understanding, in only a few customer accounts were passwords reset and alleged unauthorized trades conducted. The latter mainly affected customers who had not enabled two-factor authentication (2FA). Please note that the data accessed did not include your API secret data and account passwords.
What Are We Doing?
In response to the few customer reports, we took immediate measures to address the situation. We shifted the approach to password resets and deployed additional functionality so that, now, after passwords are reset, all API connections are disabled to provide an extra layer of security.
We will continue with our investigation into this matter. Please note, however, that in the meantime, our services are running normally, and we will continue to operate in a state of heightened alert.
This website had too many security breaches. Stay safe out there.
submitted by /u/topdollar3