HackerOne customer submitted sensitive link to VirusTotal, exposing confidential information
Vulnerability Details
Hi There,
### Steps To Reproduce
1- Open this site: https://www.virustotal.com/#/domain/hackerone.com
-------------------------
2- Then go down to the end of this page and you will see this:
████
``https://hackerone.com/reports/334677?invitation_token=███████``
--------------
3- When I open it, I see this:
█████
---------------------
4- After step 3 I thought it was a demo from HackerOne to teach us the invitation process, so I found the report is valid and it contains a valid issue to ████.
--------------------------------
5- Clicking on accept will lead to opening this: ██████
**You have been invited to manage the report submitted to ████.**
██████████
-----
6- Now after step 5 I was shocked and I stopped myself from doing anything else because it's just one click to **manage** the report ;)
## Impact
I was able to manage a report for ███████ program:
1- Close the report as spam or resolve or anything
2- Public disclosure of this report
3- Discredit the ████ team by commenting with unprofessional replies.
4- I will see **internal comments** between HackerOne staff there too.
Best,
@Hackerone_007
Report Stats
- Report ID: 378122
- State: Closed
- Substate: resolved
- Upvotes: 58
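
A pre-submission check for the failure this report describes, as an added example that is not part of the original report or HackerOne's code: it flags and redacts credential-bearing URL parameters before a link is sent to a third-party scanner such as VirusTotal. The word list, the opaque-value heuristic and the function names are assumptions; the sample URL is constructed with a placeholder token.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Words that mark a parameter as credential-bearing. "token" covers the
# report's invitation_token; the other entries are assumed common names.
SECRET_WORDS = {"token", "secret", "signature", "sig", "password",
                "key", "apikey", "session", "auth", "otp"}
OPAQUE = re.compile(r"[A-Za-z0-9_\-+/=.]{20,}")


def is_secret(name, value):
    """Flag by parameter name, or by a long opaque letter+digit value."""
    words = set(re.split(r"[^a-z0-9]+", name.lower()))
    if words & SECRET_WORDS:
        return True
    return bool(OPAQUE.fullmatch(value) and re.search(r"[A-Za-z]", value)
                and re.search(r"\d", value))


def _scrub(component):
    """Return (redacted component, flagged names) for a query or fragment."""
    pairs = parse_qsl(component, keep_blank_values=True)
    flagged = [n for n, v in pairs if is_secret(n, v)]
    if not flagged:  # nothing sensitive: leave the component byte-for-byte
        return component, []
    cleaned = [(n, "REDACTED" if is_secret(n, v) else v) for n, v in pairs]
    return urlencode(cleaned), flagged


def redact_url(url):
    """Return (url_with_secrets_redacted, names_of_flagged_parameters)."""
    parts = urlsplit(url)
    query, q_flagged = _scrub(parts.query)
    fragment, f_flagged = _scrub(parts.fragment)
    clean = urlunsplit(parts._replace(query=query, fragment=fragment))
    return clean, q_flagged + f_flagged


def safe_to_submit(url):
    """True only if no query or fragment parameter looks like a credential."""
    return not redact_url(url)[1]


# Constructed sample in the shape of the reported link (placeholder token).
SAMPLE = "https://hackerone.com/reports/334677?invitation_token=PLACEHOLDER-TOKEN-VALUE"
print(redact_url(SAMPLE))
```

Redaction only covers the query string and fragment; a secret embedded in the path is not detected by this check.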