https://lankybox02.github.io/bundle/view.html#56
Your username has “ (banned)” on the navbar if you're banned, and you cannot share, edit or delete projects.
Yeah, I thought I was at first, because I couldn’t find the project, because most viewed projects are out of order lol
Bundle has all user information public here: lankybox02 - Replit
This is really bad. Firstly, all tokens have to be hashed to be kept secure, which is very bad for performance, and yet all the hashes are still public. Secondly, having them hashed doesn’t mean they can’t be cracked; someone could run a script to crack these passwords pretty quickly.
This is basically a data breach; this information should not be public.
Link seemed to have broken: https://replit.com/@lankybox02/bundle-api?v=1#auth.json