Follow
do you ever accidentally expose the password hash of your users in public, unauthenticated APIs
poor Olle
Olle just responded from the helpdesk with option A 
@ChlorideCull b is why I usually don't bother with these things
@Dee i usually just email the Swedish CERT and tell them to deal with it lol
@ChlorideCull AND email address
@Gulfie less of an issue here since it's a business email and kinda public, but yeah
i've notified them of this which means that either
a) they will thank me and fix it
or
b) they will threaten to call the cops and completely ignore the problem