Due to a caching oversight, the occasional user may have opened the widget contact form and seen someone else's email address in the email text box. This issue started about a week ago and was resolved yesterday.
This would not have prevented them from sending a ticket: they could easily replace this address with their own. It's possible some of these users accidentally sent a ticket with the cached address attached; unfortunately, there's no way to determine how many may have done this. Users had no access to private info, aside from seeing an email address out of context. We don't know how many people were affected, but the fact that it took so long to surface suggests it was a small number.
This was an unfortunate oversight on our part. Moving forward we won't cache private information like email address, so this shouldn't happen again.
If you have any questions, please let us know.
Head of Community, UserVoice