Booo for not waiting for the developer's response. It hasn't even been 24 hours. It's not even July/4th in Europe yet.
> We have no malicious intentions. Our only goal was to identify these security issues and inform the developer so they can be fixed.
> conducted this research in good faith.
Posting it online the same day, then posting on HN to promote it isn't good faith.
- Any user’s private profile could be retrieved, including:
• Chosen Username
• Total Segment Count
• Minutes Saved for the community
• View Count (how many times their segments helped others)
• Reputation Score
• VIP Status
• Privacy Preferences
Anonymous user names and some counts.