How I got access to 1600k Users' PII Data $$$$

{"error":"Couldn't authenticate you"}
{
"id": 123xxxxx,
"name": "Victim",
"email": "victim@gmail.com",
"created_at": "2015-11-25T06:00:20Z",
"updated_at": "2015-11-25T06:00:20Z",
"time_zone": "Ekaterinburg",
"iana_time_zone": "Asia/Yekaterinburg",
"phone": xxxxxxxxxx,
"shared_phone_number": null,
"photo": null,
"locale_id": 1,
"locale": "en-US",
"organization_id": null,
"role": "end-user",
"verified": false,
"external_id": null,
"tags": [],
"alias": null,
"active": true,
"shared": false,
"shared_agent": false,
"last_login_at": null,
"two_factor_auth_enabled": false,
"signature": null,
"details": null,
"notes": null,
"role_type": null,
"custom_role_id": null,
}
} "system::embeddable_last_seen": null
..........
..........
"count" : 1645729
}
  • Reported : March 6th 2022
  • Triaged : March 10th 2022
  • Confirmation : March 14th 2022
  • Bounty : 1500$
  1. Always check Burp history
  2. Don’t report as soon as you find something; increase the impact and then report
