!!! API returns data from other users

API returns other user data, for example https://api.envato.com/v3/market/author/sales

I confirm!
Applications for sales alerts show data from other people’s accounts. Also, notifications about sales of other authors come.

1 Like

Exactly. Looks like a Security hole.

Hi everyone,

Thanks a lot for reporting this.

The issue should now have been fixed. If you’re still seeing some issues, please let us know.

We’ll be assessing the impact of this incident and taking appropriate measures.


I got a notification “New sales! - $1200” I was like what the heck, then I noticed it is from diffirent author. Guess power elite author. :joy: