

Using Lyft share link you can pull all names of users - mauerbac

It seems through Lyft&#x27;s new share link you can pull the names of all the users. Ex: https:&#x2F;&#x2F;www.lyft.com&#x2F;invited&#x2F;MATT2398. Decrementing the last four digits exposes other users. You can try this with other names. Not sure if this is a vulnerability since it&#x27;s just names. Surprised they didn&#x27;t hash them.
======
steveklabnik
You should probably report this to Lyft directly.

