Hey everyone, I’d like to share how I found a simple API authorization bug in a private program, which affected thousands of sub-domains…