Web Cache Deception vulnerability on algolia.com leads to personal information leakage
Medium
Algolia
Team Summary
Official summary from Algolia
A web cache deception (WCD) was found on our main website (algolia.com). An attacker could trick a caching proxy into storing private information transmitted over the internet from an authenticated user. To do so, an attacker would use simple social engineering where the victim is only required to open a link in a browser while being authenticated on the website. The attacker could then access the cached data, which can include personal and sensitive information of the victim. The exploit URL was formed by using a randomly named CSS file.
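A defensive check for the condition the summary describes, as an added example that is not part of the report or Algolia's fix: a shared cache stores a response for a static-looking path only when the origin's headers agree that it is a static asset. The extension table, the `may_cache` function, the `example.test` URLs and the sample responses are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Assumed policy: extensions the cache treats as static, with the media types
# a genuine file of that kind is served as.
STATIC_TYPES = {
    ".css": {"text/css"},
    ".js": {"application/javascript", "text/javascript"},
    ".png": {"image/png"},
    ".jpg": {"image/jpeg"},
}
UNCACHEABLE = {"private", "no-store", "no-cache"}


def may_cache(url, status, headers):
    """Return (decision, reason) for storing this response in a shared cache."""
    h = {k.lower(): v for k, v in headers.items()}
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    if ext not in STATIC_TYPES:
        return False, "not a static extension"
    if status != 200:
        return False, "non-200 response"
    directives = {d.split("=")[0].strip().lower()
                  for d in h.get("cache-control", "").split(",") if d.strip()}
    if directives & UNCACHEABLE:
        return False, "origin forbids shared caching"
    if "set-cookie" in h:
        return False, "response sets a cookie"
    media_type = h.get("content-type", "").split(";")[0].strip().lower()
    if media_type not in STATIC_TYPES[ext]:
        return False, f"{ext} path served as {media_type or 'unknown type'}"
    return True, "static asset"


# Constructed sample responses (not taken from the report).
SAMPLES = [
    ("https://www.example.test/assets/site.css", 200,
     {"Content-Type": "text/css", "Cache-Control": "public, max-age=3600"}),
    # Authenticated HTML page returned for a path ending in a made-up .css name
    ("https://www.example.test/account/x7f3.css", 200,
     {"Content-Type": "text/html; charset=utf-8"}),
    ("https://www.example.test/account/x7f3.css", 200,
     {"Content-Type": "text/css", "Cache-Control": "private"}),
]

if __name__ == "__main__":
    for url, status, hdrs in SAMPLES:
        print(url, "->", may_cache(url, status, hdrs))
```

The second sample is the mismatch that matters here: the path ends in `.css`, but the origin answered with an HTML page, so the response is not stored.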
Reported by: golim
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $400.00
Submitted:
Weakness: Violation of Secure Design Principles