HackerOne: Number of invited researchers disclosed as part of JSON search response

2015-08-04T22:46:14
ID H1:80597
Type hackerone
Reporter jessescitech
Modified 2015-08-05T00:22:04

Description

I was informed via email that the bug I tweeted about (https://twitter.com/jessescitech/status/623976563177070594) is actually a security issue, and the number of search results returned is the number of invited researchers for the team. I can't actually verify this, but the email said that a fix is being worked on.

Thanks!

The email is ZenDesk ticket/request #6421.