Zendesk paid me $500 4 years after I submitted a vulnerability to their bounty program on hackerone. It was a shock. There were default settings indexing internal docs/knowledgebase info to search engines.