|
|
|
|
|
|
by jlarocco
2801 days ago
|
|
|
First, I don't think the difference between exposed and leaked matters with respect to whether they need to notify users about it. In any case, I don't believe their answer. Once the API response leaves the server with extra information there's no way for them to know which fields the caller looked at because it's all done client side. |
|
|