by WellDressed 1862 days ago
Wow! I'm a Lemonade customer, and the fact that leadership twice mentions that leaking customer data is by design is mind-boggling to me. What product owner would suggest such a feature!?

Any recommendations for a replacement?

1 comments

Tweet from the leadership: https://twitter.com/shai_wininger/status/1392892957787885573

"1/ Let’s set things straight up front: What @muddywatersre found were links to 4 insurance quotes shared by Lemonade users themselves. (aka, they loved it so much, they shared ‘em).

That is not a vulnerability, it’s by design!"

"2/ We designed our quotes to be shareable. If someone wants to send their quote to their family, friends, or mortgage bank, they can. Btw, turns out people post their quotes on Pinterest and UX blogs, and these are the ones they stumbled upon"

"3/ Since Google indexes Pinterest and blogs, these links end up being discoverable on Google."

I don’t get it. It appears that what is being “leaked” is quotes that users are choosing to share publicly on a public web page which then gets indexed by search engines.

What’s the actual vulnerability here?

The only “vulnerability” is the short seller saying that they were able to log into the user's account, but if they were able to log into the user's account, why were they only able to access their name and quote, information the users had chosen to share publicly, and were not able to access a whole host of other data that would be available if one were able to log in to a user's account?