HackerOne support disclosing report state without checking user identity

Disclosed: 2018-06-02 08:25:32 By amans To security
Low
Vulnerability Details
**How was I able to know the state of a report using HackerOne Support:** I was able to know the state of a report using a different email address by contacting HackerOne Support.

So the thing is, this is my report https://hackerone.com/reports/344238, which is not even disclosed and was closed as informative, and which was reported with this email address ██████████. I sent an email to HackerOne support using this email address ██████, which is totally different from the email I reported the vulnerability from. What I wrote in the email was: "May I know why it isn't closed as resolved and still pending? https://hackerone.com/reports/344238". I didn't even say that this report is closed as informative; I just said "why is it not closed as informative yet", and after 1 day I got an email from HackerOne staff saying:

> Hi Aman,
>
> Thank you for reaching out to us with this concern. I have taken a look and disclosure was requested on the 1st of May. If the company does not disable disclosure the report will be disclosed at that time. However, disclosure can be disabled if the report is closed as informative, not applicable, duplicate or spam.

This information about the report was disclosed by support for a report which is not even disclosed yet, and by using a totally different email and just the same name I was able to get that information from the support team. I would recommend HackerOne support verify the email first before disclosing any information.

HackerOne Support Request # 246046

The picture is attached as well.

## Impact

An attacker can know the state of a report by using a different email address. For a report which is not even disclosed, we are able to know information about it.
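The check the reporter recommends (verify that the requester's email belongs to the reporter's account before saying anything about a report) can be expressed as a small support-desk helper. This is an added example, not code from the original report or from HackerOne; the report store, account store, email addresses and reply wording are all constructed for illustration. Beyond the plain email comparison, the helper returns the same generic reply for "not the reporter" and "no such report", so the support mailbox cannot be used to learn which report IDs exist, and it treats publicly disclosed reports as discussable since their state is already public.

```python
"""
Added example (not part of the original report): a support-desk helper that
refuses to reveal a report's state unless the requester's e-mail is a verified
address on the account that filed it. All data below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Report:
    report_id: int
    reporter: str      # handle of the account that filed the report
    state: str         # e.g. "closed"
    substate: str      # e.g. "informative", "resolved"
    disclosed: bool    # True once the report is public


@dataclass(frozen=True)
class Account:
    handle: str
    verified_emails: frozenset  # lower-cased addresses that passed verification


# Constructed sample data (hypothetical stores standing in for the real backend).
REPORTS = {
    344238: Report(344238, "amans", "closed", "informative", disclosed=False),
    999001: Report(999001, "someone_else", "closed", "resolved", disclosed=True),
}
ACCOUNTS = {
    "amans": Account("amans", frozenset({"reporter@example.invalid"})),
    "someone_else": Account("someone_else", frozenset({"other@example.invalid"})),
}

# One fixed reply for every refusal, so the wording itself leaks nothing.
GENERIC_REPLY = ("Thanks for contacting support. We can only discuss a report "
                 "with a verified e-mail address of the account that filed it.")


def normalize(email: str) -> str:
    """Canonicalise an address for comparison (case and surrounding whitespace)."""
    return email.strip().lower()


def requester_owns_report(requester_email: str, report: Report) -> bool:
    """True only if the requester's address is a verified e-mail on the reporter's account."""
    acct = ACCOUNTS.get(report.reporter)
    if acct is None:
        return False
    return normalize(requester_email) in acct.verified_emails


def answer_status_request(requester_email: str, report_id: int) -> str:
    """Return the text a support agent may send back for a status question.

    Properties enforced:
    1. State and substate of an undisclosed report are only included when the
       requester's e-mail is verified on the reporting account.
    2. "Report does not exist" and "requester is not the reporter" produce the
       identical generic reply, so report IDs cannot be enumerated via support.
    3. Already-disclosed reports are public, so their state may be repeated.
    """
    report = REPORTS.get(report_id)
    if report is None:
        return GENERIC_REPLY
    if not report.disclosed and not requester_owns_report(requester_email, report):
        return GENERIC_REPLY
    visibility = "it is publicly disclosed" if report.disclosed else "it has not been disclosed"
    return f"Report {report.report_id} is {report.state} as {report.substate}; {visibility}."


if __name__ == "__main__":
    print(answer_status_request("Reporter@Example.invalid", 344238))  # reporter: state shown
    print(answer_status_request("stranger@example.invalid", 344238))  # other address: generic
    print(answer_status_request("stranger@example.invalid", 123))     # unknown ID: same generic
```

The important design choice is that the refusal path is reached before any report field is read into the reply, and that the same string is used whether the ID is unknown or the requester is simply not the owner; an agent following this flow cannot confirm a report's existence, let alone its substate, to a matching name on an unrelated address.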
Report Stats
  • Report ID: 356566
  • State: Closed
  • Substate: resolved
  • Upvotes: 43