Hacker News new | ask | show | jobs
by drivebyacct2 4976 days ago
What exactly was exposed here. It looks like it's been blocked now...

Just stealing from other bit in this thread: somehow these urls got on the Internet even though they shouldn't have. They are pre-authed urls that auto-login and then expire.
1 comments
runn1ng 4976 days ago
Seconding this... I see just ordinary account numbers from here.
link
notatoad 4976 days ago
Still exposed here - when you click a link, it pre-fills the login box with a users email. And I guess some of the links include auto-login tokens.
link
runn1ng 4976 days ago
Oh, OK. I can see the mails too, I just didn't think it's such a security risk.
link