Yep, you're correct. Panera had an issue where folks could scrap every user profile due to sequential profile ids. The bigger part of the exploit was they just openly exposed user data but making the profiles ids sequential made it really easy to scrap