I would like to echo the statement made about not exposing data. Yes, you should only expose information in endpoints that is used by the frontend, but some data shouldn't have endpoints. I have found many websites where they have endpoints for stuff like survey responses, with full names and emails. Data like that should just be accessed with a desktop database client.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I would like to echo the statement made about not exposing data. Yes, you should only expose information in endpoints that is used by the frontend, but some data shouldn't have endpoints. I have found many websites where they have endpoints for stuff like survey responses, with full names and emails. Data like that should just be accessed with a desktop database client.