Their API leaked all users' login PINs to other users, and they only took a month to patch it! So fast, so secure.