Some time ago, the sekurak.pl portal shared information about a very harmful but simple vulnerability on LinkedIn.
Namely, it was possible to download any user's CV without logging in, without authorization or any additional steps. It was enough to enter a specific address, e.g. "linkedin.com/api/v4/download_resume?id=827387", and then successively enter random numbers as the id value to display more users' CVs.
The vulnerability was patched and a bounty of $5,000 was paid for finding it.
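
The behaviour described above is a missing authentication and per-object authorization check on a download endpoint. The sketch below is an added example, not part of the original post and not LinkedIn's code: it puts a handler with that flaw beside a hardened one, and every name, token and record in it is hypothetical and constructed for illustration.

```python
# Added illustration; all names and data are hypothetical, not LinkedIn's code.
from dataclasses import dataclass, field


@dataclass
class Resume:
    owner_id: int
    content: bytes
    shared_with: set = field(default_factory=set)  # user ids the owner granted access


# Constructed sample data keyed by a numeric id, as in the URL above.
RESUMES = {
    827387: Resume(owner_id=1, content=b"CV of user 1"),
    827388: Resume(owner_id=2, content=b"CV of user 2", shared_with={1}),
}
SESSIONS = {"tok-user1": 1, "tok-user2": 2}  # session token -> user id (constructed)


def download_resume_vulnerable(resume_id):
    """Behaviour described in the post: the id alone selects the document."""
    resume = RESUMES.get(resume_id)
    return (200, resume.content) if resume else (404, b"")


def download_resume_hardened(session_token, resume_id):
    """Authenticate the caller, then authorize access to this specific object."""
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        return (401, b"")  # no valid session: reject before touching the store
    resume = RESUMES.get(resume_id)
    # Same 404 for "does not exist" and "not yours", so the response does not
    # reveal which ids are valid.
    if resume is None or (
        user_id != resume.owner_id and user_id not in resume.shared_with
    ):
        return (404, b"")
    return (200, resume.content)
```

The hardened handler decides access from the server-side session and the record's owner and share list, never from the id supplied in the request.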