If you count the OG IP bots that logged and publicly doxxed user IPs… then yes—that’s a breach.

I believe coracle was saving nsecs upon login but it was supposedly a coding error. I believe some of those users were compromised but the ones that used a signing extension were fine.