mtmail 12 hours ago

Booo for not waiting for the developer's response. It hasn't even been 24 hours. It's not even July/4th in Europe yet.

> We have no malicious intentions. Our only goal was to identify these security issues and inform the developer so they can be fixed.

> conducted this research in good faith.

Posting it online the same day, then posting on HN to promote it isn't good faith.

   - Any user’s private profile could be retrieved, including:
     • Chosen Username
     • Total Segment Count
     • Minutes Saved for the community
     • View Count (how many times their segments helped others)
     • Reputation Score
     • VIP Status
     • Privacy Preferences
Anonymous user names and some counts.