
You should honestly take this post down. You've literally revealed how to gain access to their API keys, mentioned that it can be used to devastate the company and commit fraud, then just added a message in parentheses asking the reader not to do it.

This is a shitty article that isn't humorous at all. It would've been funny if you had reported it, they had fixed it and you'd posted the article after. This reads like an engineer trying to get an ego boost and a pat on the back.



The keys are already public, he’s not documenting some super secret zero-day way of extracting keys. He… downloaded the app and unzipped it, basically.

Be angry at the company who clearly don’t have a clue how to secure anything.


You can be angry at both the company and the person who publicly revealed the issue without first trying to inform the company. That's literally white-hat-hacking 101.

The keys may already be public (technically), but he is the one publicizing it and posting it on Hacker News. OP is also clearly aware of how much harm can be done using these keys, since he asks people to not use them.


If anyone really wanted to they could probably figure out who you are based off your comment history, all of which is “public information.” So it’s cool if they use your name and list your address right? Or let’s just remove you from the equation: do you agree doxxing is wrong regardless if the info is publicly available?



