Private program activity timeline information disclosure
Unknown
Vulnerability Details
Hi,
There are some companies which are hosting as external:
https://hackerone.com/directory?query=type%3Aexternal&sort=name%3Aascending&page=1
but someone was hosting a private BB on HackerOne, which is not visible unless they invite you. However, you can check whether any company is hosting a private BB on HackerOne if you can guess the username they use.
PoC
https://hackerone.com/<redacted> : it's an external BB, but they have a private BB
Now let's disclose their activities:
https://hackerone.com/<redacted>/activities.json
and you can use it to check whether they are a private BB or not.
Generally, most companies choose the same name as their company name, like yahoo.
Cheers,
@tws_charfeddine
Report Stats
- Report ID: 116029
- State: Closed
- Substate: resolved
- Upvotes: 7
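
The report describes an endpoint that answers by handle alone, so its response reveals whether a private program exists. The following added example is not HackerOne's code and not part of the original report, and the report does not say how the issue was fixed. It shows one common mitigation: a handler that checks the viewer and returns the same response for a private program as for a nonexistent handle. All names and sample data (`Program`, `PROGRAMS`, `openco`, `quietco`, `alice`) are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Program:
    handle: str
    public: bool
    invited: set = field(default_factory=set)
    activities: list = field(default_factory=list)


# Constructed sample data: one public program, one private (invite-only) program.
PROGRAMS = {
    "openco": Program("openco", True, activities=[{"type": "bug_resolved"}]),
    "quietco": Program("quietco", False, invited={"alice"},
                       activities=[{"type": "bug_triaged"}]),
}

NOT_FOUND = (404, {"error": "not found"})


def activities_vulnerable(handle, viewer=None):
    """Looks the program up by handle only; the viewer is never checked."""
    program = PROGRAMS.get(handle)
    if program is None:
        return NOT_FOUND
    return (200, {"activities": program.activities})


def can_view(program, viewer):
    """Public programs are visible to anyone, private ones only to invitees."""
    return program.public or (viewer is not None and viewer in program.invited)


def activities_hardened(handle, viewer=None):
    """Authorizes the viewer before answering.

    A private program the viewer cannot see gets exactly the same status and
    body as a handle that does not exist, so the response is not an
    existence oracle.
    """
    program = PROGRAMS.get(handle)
    if program is None or not can_view(program, viewer):
        return NOT_FOUND
    return (200, {"activities": program.activities})
```

A regression test for this class of bug compares the full response (status, headers and body) for a private handle against that of a random nonexistent handle, as an unauthenticated and as an uninvited user.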