1 comment

  • mtmail 2 hours ago

    Booo for not waiting for the developer's response. It hasn't even been 24 hours. It's not even July/4th in Europe yet.

    > We have no malicious intentions. Our only goal was to identify these security issues and inform the developer so they can be fixed.

    > conducted this research in good faith.

    Posting it online the same day, then posting on HN to promote it isn't good faith.

       - Any user’s private profile could be retrieved, including:
         • Chosen Username
         • Total Segment Count
         • Minutes Saved for the community
         • View Count (how many times their segments helped others)
         • Reputation Score
         • VIP Status
         • Privacy Preferences
    
    Anonymous user names and some counts.