Bug hunting is very important part of our development process and if you have any relevant finds our development team will contact you privately and discuss the details;
Thanks in advance !
Apparently messaging support didn't make the admins/devs fix this, so I'll just throw it out there. Wintomato is leaking user information through their API; and despite being told exactly what part of the API does this, they've done nothing about it. The information leaked is honestly not the biggest deal in the world (2FA status, Email, IP, other shit), but it breaks shit such as GDPR etc.
All this shows is bad development, and that they have no sense of what is important.