https://www.theregister.co.uk/2017/08/02/url_tweak_to_voucher_biz_signup_page_exposes_users_details/

A UK web biz has been slammed for blocking people on Twitter just for reporting a security vulnerability that potentially leaked people's contact details.

Kids Pass – a Cheshire-based outfit that offers more than 500,000 folks discount vouchers for family activities – was alerted over the weekend, via Twitter, that its code was insecure. By making a simple tweak to a URL on the site while activating an account, someone could get access to strangers' personal information.