Or were you asking about some consolidated treasure trove?
The real risk, to me, is that someone noticed this before Tavis did. They could have created a site with the right parameters and then scraped it for weeks. Cloudflare only had logs for 10 days of the multi-month exposure window, so they have no idea if someone did this or not.
Uber: http://securityaffairs.co/wordpress/wp-content/uploads/2017/...
Fitbit: http://cdn.iphoneincanada.ca/wp-content/uploads/2017/02/clou...
OkCupid: https://trtpost-wpengine.netdna-ssl.com/files/2017/02/cloudb...
Oauth data: https://pbs.twimg.com/media/C5ZCRtMVMAEs0ca.png
Or were you asking about some consolidated treasure trove?
The real risk, to me, is that someone noticed this before Tavis did. They could have created a site with the right parameters and then scraped it for weeks. Cloudflare only had logs for 10 days of the multi-month exposure window, so they have no idea if someone did this or not.