@Gargron it's still a db hack lol
8 comments
@stux If my understanding is correct, if you have an API token (which you can intercept from the app on your phone) you can use their search API to iterate over all users

@stux You could argue that there should be an upper limit of results returned by search and rate limits to slow down scraping of data but ultimately I don't see anything that would classify it as unauthorized access at all. All the information obtained is something you would see by visiting each user's profile.

Eugen, the API has been completely reverse engineered, long ago. Enough to log in from scratch, you don't even need to extract the token from the actual app. Yes, they do ban accounts that exhibit unusual behavior or make too many requests over short time periods. For that matter, they banned some of the accounts made through that Android app of mine. Yes it's public stuff and public stuff only. I don't see why it's worthy of any excitement.

https://www.youtube.com/watch?v=CgJudU_jlZ8

So sth like the Moonpig 2015 situation but with relatively benign, technically public data? Or like the situation on Discord a while back, also with technically public data?
@stux It's not, actually