The researcher found a publicly accessible Grafana instance. User sign-up had been left open, which allowed him to create an account and view charts of resource usage for various servers.
This report is considered out of scope, but Pornhub chose to reward the researcher due to the severity of the issue he found and the quality of the report.
A publicly accessible Grafana instance was identified. Due to the default behaviour of the application, it was possible to register a new account and view internal information about PH servers and resources.
This vulnerability was discovered using the infrastructure monitoring platform BugLabs.me - http://buglabs.me
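
As an added example (not part of the original report), the following Python check audits a `grafana.ini` for the exposure described above: open self-registration, plus anonymous access as a related setting. The sample configs and function names are constructed for illustration; the setting names `[users] allow_sign_up` and `[auth.anonymous] enabled` and the `GF_<SECTION>_<KEY>` environment override are Grafana's own.

```python
import configparser

# (section, key, value that exposes the instance, why it matters)
CHECKS = [
    ("users", "allow_sign_up", "true", "anyone can self-register an account"),
    ("auth.anonymous", "enabled", "true", "dashboards are readable without login"),
]

def effective(cfg, env, section, key):
    """Return the configured value, or None if it is left to the built-in default."""
    # Grafana lets GF_<SECTION>_<KEY> environment variables override the ini file.
    env_name = "GF_" + section.replace(".", "_").upper() + "_" + key.upper()
    if env_name in env:
        return env[env_name].strip().lower()
    if cfg.has_option(section, key):
        return cfg.get(section, key).strip().lower()
    return None

def audit(ini_text, env=None):
    """Return a list of (severity, setting, message) findings for one grafana.ini."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    # grafana.ini may have keys before the first section; give them a dummy header.
    cfg.read_string("[__root__]\n" + ini_text)
    findings = []
    for section, key, bad, why in CHECKS:
        value = effective(cfg, env or {}, section, key)
        name = f"[{section}] {key}"
        if value == bad:
            findings.append(("HIGH", name, why))
        elif value is None:
            # Not pinned: behaviour depends on the installed version's default.
            findings.append(("REVIEW", name, "not set explicitly; pin it to false"))
    return findings

# Constructed sample configs (not taken from the report).
EXPOSED = "app_mode = production\n[users]\nallow_sign_up = true\n;auto_assign_org_role = Viewer\n"
HARDENED = "[users]\nallow_sign_up = false\n[auth.anonymous]\nenabled = false\n"

if __name__ == "__main__":
    for label, text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(label, audit(text))
```

A setting left unset is reported as `REVIEW` rather than passed, because its effective value then depends on the installed version's default.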