Flickr disclosed a bug submitted by 0xcyborg: https://hackerone.com/reports/1755552 – Bounty: $50 [Source]