Shopify: Unauthorized access to any Store Admin's First & Last name

2015-10-23T21:08:19
ID H1:95441
Type hackerone
Reporter hazimaslam
Modified 2015-11-07T21:25:00

Description

This issue allowed unauthenticated users to access personally identifiable information of the store's staff members (first and last name) via a public api endpoint.