HackerOne: Can read features from any user

Summary: An attacker can read feature notifications from any user. Just need to change me to userusername:"filedescriptor" in your request to get the features. Steps To Reproduce POST /graphql HTTP/1.1 Host: hackerone.com "query":"query Newfeature \n query \n id,\n ...F0\n \n\nfragment F0 on Quer...