05-05-2026, 05:51 PM
(05-05-2026, 04:08 PM)bts Wrote: @ReturnofBroccoli
Are those screen shots from Blue Sky?
Security sites have picked up the story.
https://hackread.com/anti-ice-site-gtfo-...ists-data/
Its a screenshot of a curl header request to the api using a token that is blacked out on the gtfoice.org api endpoint that was publically exposing subscriber information
The auth bearer token, header subcommand, and url following is telling it what information to pull and from where
Things like this are done in the enumeration phase of any penetration testing methodology and should not be disclosing information like this, obvoiusly.
Even though, its not really useful information except to maybe a government wanting surveillance of its people lol
In my professional opinion having this open like this appears intentional
