I just wanted to take a moment to apologise for what is already being called #NOTESGATE
I was alerted to the situation about an hour ago, and within minutes we put up a quick fix to make it so that only admins can see PMs. This was the quickest solution and we're working on a permanent fix.
Several users have confirmed that until the new site went live, the ability to change post numbers and see posts that were not sent to you was not a possibility. This is reassuring and I'm sure when we built the notes system that this was something we checked quite a lot.
I just want to let you all know that I'm very sorry that for a brief moment of time this was possible. We have never been able to read your notes and nor has anyone else. We will restore notes as soon as possible, but I'm wondering whether it might make sense moving forwards to delete the archive of notes to save anyone fearing that anything isn't as secure as it could be.
I'm sure you all know that none of this was done intentionally, and I hope you understand that DiS is a very small company with limited resources. It's just myself full-time at DiS and I'm not a developer. We've had one developer working on the site upgrade and rebuild for the past 5 weeks, with another more experienced developer over-seeing the process (who did work on things 18months ago - we didn't have the funds to continue the work until recently, and we're already out of money!). If we could raise the money to fix and triple-check everything, we would, for sure.