IDOR allows an attacker to modify the links of any user

Program: reddit
Bug Type: IDOR
Bounty: Unspecified
Date: 2022-08-06
IDOR Information-Disclosure sensitive-data broken-access-control

Summary

The researcher found a way to edit the social links in the profiles of other users due to an IDOR vulnerability in Reddit’s GraphQL API. By querying a user's profile, an attacker could retrieve internal IDs of social links and then use those IDs in an unauthorized update mutation to modify the link titles or URLs. No ownership or authorization checks were enforced on these operations.
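
The missing ownership check described above, shown next to a corrected handler with a regression check. This is an added example, not Reddit's code or schema: the data model, function names, user names and sample data are all hypothetical.

```python
# Added illustration: hypothetical model and names, not Reddit's schema or code.
from dataclasses import dataclass

class Forbidden(Exception):
    """Caller is not allowed to modify the requested object."""

@dataclass
class SocialLink:
    id: str
    owner_id: str
    title: str
    url: str

# Constructed sample data: a single social link owned by "alice".
LINKS = {"link_1": SocialLink("link_1", "alice", "My blog", "https://alice.example/")}

def profile_links(username):
    """Profile query: any caller receives the internal link IDs."""
    return [link for link in LINKS.values() if link.owner_id == username]

def update_link_vulnerable(session_user, link_id, title, url):
    """Before: trusts the client-supplied ID and never looks at session_user."""
    link = LINKS[link_id]
    link.title, link.url = title, url
    return link

def update_link_checked(session_user, link_id, title, url):
    """After: object-level authorization is enforced on every write."""
    link = LINKS.get(link_id)
    # Same error for "missing" and "not yours", so the reply reveals nothing about IDs.
    if link is None or link.owner_id != session_user:
        raise Forbidden("social link not found for this account")
    link.title, link.url = title, url
    return link

def cross_account_write_allowed(update_fn):
    """Regression check: can a second account change a link owned by alice?"""
    target = profile_links("alice")[0]
    before = (target.title, target.url)
    try:
        update_fn("mallory", target.id, "changed", "https://other.example/")
    except Forbidden:
        pass
    changed = (target.title, target.url) != before
    target.title, target.url = before  # restore the constructed fixture
    return changed

if __name__ == "__main__":
    print("vulnerable handler:", cross_account_write_allowed(update_link_vulnerable))
    print("checked handler:", cross_account_write_allowed(update_link_checked))
```

A check like `cross_account_write_allowed` belongs in the test suite for every mutation that accepts an object ID, so a handler added without an ownership comparison fails CI.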

References