Disclosure of a vulnerability that allows the theft of visitors' email addresses using Medium's custom domain feature
Author: mala
- This article describes a vulnerability in a web service called Medium that allows you to steal visitors' e-mail addresses by using custom domain plan of Medium.
- This is done as my personal activity and is not related to my organization.
- I'm not a zero-day guy and this is simply the result of a failure of coordinated disclosure.