HackerOne: Making program preference -> program visibility feature useless and disclosing API Identifier in the progress and data that may cause potential IDORs.
@spongebhav identified a vulnerability that let a victim believe their program membership wasn't shown on their profile, when in reality, it was. This could be used to identify system users of a program when the program blocked this...