The /reports/:id.json endpoint discloses potentially sensitive user attributes when reporter summary is present
Critical
Vulnerability Details
Hi
The .json endpoint of any disclosed report is leaking the reporter's email, OTP backup codes, phone number, "graphql_secret_token", T-shirt size, and all of the reporter account's internal details, etc.
```
GET /reports/█████.json HTTP/2
Host: hackerone.com
```
* I was checking HackerOne's disclosed report ██████████ and, during that check, suddenly found that the .json endpoint is leaking too much data about the reporter ```████```. I immediately reported it to you.
█████
* PoC: leakage of the reporter's data
█████
█████
## Impact
The reporter's private H1 account data is disclosed.
Report Stats
- Report ID: 3000510
- State: Closed
- Substate: resolved
- Upvotes: 20
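The bug class behind this report is excessive data exposure: a serializer that embeds a whole user record in a response meant for public consumption. The following is an added example written for this page, not HackerOne's code; the record, its field names (modelled on the attributes the report says leaked) and the values are constructed. It contrasts a dump-everything serializer with an allowlist-based one and includes a small scanner that walks a JSON response for keys that look sensitive, which is the check a triager or tester would run against a response like the one in the PoC.

```python
"""Added example: over-exposed serializer vs. allowlisted serializer, plus a
sensitive-key scanner. Illustrative code only, not HackerOne's implementation;
field names are assumptions based on the report text, values are fake."""
import json
from typing import Any

# Constructed sample reporter record (assumed field names, fake values).
REPORTER_RECORD = {
    "id": 12345,
    "username": "reporter_example",
    "email": "reporter@example.invalid",
    "phone_number": "+1-555-0100",
    "otp_backup_codes": ["11111111", "22222222"],
    "graphql_secret_token": "secret-token-example",
    "tshirt_size": "M",
    "profile_picture_url": "https://example.invalid/avatar.png",
}

# Fields that are reasonable to expose on a public, disclosed report. Anything
# not listed here is dropped, even if the record later grows new columns.
PUBLIC_REPORTER_FIELDS = frozenset({"id", "username", "profile_picture_url"})

# Key fragments that should never appear in a public response. Matching is
# case-insensitive substring matching; extend the tuple for your own schema.
SENSITIVE_KEY_FRAGMENTS = (
    "email", "phone", "otp", "backup_code", "secret", "token", "password",
)


def serialize_report_vulnerable(report_id: int, reporter: dict[str, Any]) -> str:
    """The bug class: the entire reporter record is embedded in the report JSON."""
    return json.dumps({"id": report_id, "reporter": reporter})


def serialize_report_fixed(report_id: int, reporter: dict[str, Any]) -> str:
    """Allowlist approach: only fields explicitly marked public are emitted."""
    public = {k: v for k, v in reporter.items() if k in PUBLIC_REPORTER_FIELDS}
    return json.dumps({"id": report_id, "reporter": public})


def find_sensitive_keys(doc: Any, path: str = "") -> list[str]:
    """Walk a decoded JSON document and return dotted paths of suspicious keys."""
    hits: list[str] = []
    if isinstance(doc, dict):
        for key, value in doc.items():
            child = f"{path}.{key}" if path else key
            if any(frag in key.lower() for frag in SENSITIVE_KEY_FRAGMENTS):
                hits.append(child)
            hits.extend(find_sensitive_keys(value, child))
    elif isinstance(doc, list):
        for i, item in enumerate(doc):
            hits.extend(find_sensitive_keys(item, f"{path}[{i}]"))
    return hits


def audit(json_text: str) -> list[str]:
    """Parse a JSON response body and report keys that look like private data."""
    return find_sensitive_keys(json.loads(json_text))


if __name__ == "__main__":
    leaky = serialize_report_vulnerable(1, REPORTER_RECORD)
    safe = serialize_report_fixed(1, REPORTER_RECORD)
    print("vulnerable response leaks:", audit(leaky))
    print("fixed response leaks:", audit(safe))
```

The allowlist is the important design choice: a denylist of "secret" columns silently fails the next time someone adds a column to the user table, whereas an allowlist fails closed. The scanner is only a heuristic (a key named `tshirt_size` would not trip it, though the report treats it as private), so it complements rather than replaces a review of what the endpoint is supposed to return.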