I almost (ALMOST) permanently overwrote the only config file (e.g. no backup) that contained an encryption key for user logins. This would have disabled my clients' ability to log in to my site and also made it impractical (if not unethical) to hack their encrypted passwords.
In the grand scope, nobody's died here; but, as a fledgling website, any annoying thing could prevent users from coming back.
Let's say I did make the mistake that affected ALL my users.
How would I then go to them and acknowledge fault?
Is it simply a matter of emailing something to the effect of
Dear Client, We messed up. We are sorry. Here is what you need to do to fix.
Or maybe a little bit more detail? More chagrin?
I'm guessing there's no single "right way" so a general rule of thumb would be helpful.
Obviously, admit your mistake, apologize, and include the steps they need to take. I'd recommend including enough information that they understand why it happened, in addition to what steps you are taking to ensure it doesn't happen again. For your situation, that would say that critical data was accidentally deleted and that you are putting in place a DR plan and backups to prevent any future data loss.
We actually did that once with a very high profile user. Be honest about what happened, but there's no need to dwell too much on the details unless they specifically ask for more. That person continued to use our software despite the mistake. If they like your software, they'll continue to use it. If they don't, well, you haven't lost much.
State laws legally require you to notify users of any security breaches involving users' personal information. So if the passwords were actually reset by some other cause that was not your doing, be aware of these: http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx