but only on the r1 subdomain, which is used for sending spreadsheets to users, so all spreadsheets can be read
+ from a researcher in discord: “we couldve also read auth.rabbit.tech […] which is basically all rabbithole password resets, aka arbitrary account takeover including admin accounts”
+ from a researcher in discord: “we couldve also read auth.rabbit.tech […] which is basically all rabbithole password resets, aka arbitrary account takeover including admin accounts”