Bug Bounty Write-ups

Blog

A simple archive of write-ups, report breakdowns, and postmortems. Each story now lives on its own page so the index stays clean and the reading experience stays focused.

Public versions only. Sensitive details are redacted.

Stories

Dec 1, 2025 Business Logic Informative

Authorization Bypass Let Free Users Reach Premium Hinge Features Through the API

A redacted write-up about a subscription boundary that existed in the interface, but not where it mattered most: backend authorization.

Read Article