I would like to chime in and say thank you as well. I know i spent a pretty good deal of time trying to catch the bug, and found it to be very frustrating. I am very glad it was located and fixed.
What data where got stolen?Nothing, because that js that we inspected the first thing it does is a redirect and once you are out of arduino.cc domains you cannot read any data from the js. In addition we had a security mitigation not allowing untrusted js to read cookies where we store the session.
Please enter a valid email to subscribe
We need to confirm your email address.
To complete the subscription, please click the link in the
email we just sent you.
Thank you for subscribing!
via Egeo 16