pythondev90
Community Member

Upwork Community Security HOLE

Please Upwork,

Kindly forward that MSG to Upwork developers urgently.

Within the Upwork Community, all freelancers' usernames are completely visible.

By freelancer username, I mean the one which the freelancer sets in order to log in with it instead of the email address.

THE SAME APPLIES TO CLIENTS WITHIN THE COMMUNITY, WHERE THEY ARE STRUGGLING WITH HOW SOME BAD FREELANCERS REACH THEM VIA EMAIL/COMPANY WEBSITE, FOR EXAMPLE.

I've noticed this topic being discussed a lot in the clients' forum as well. I imagine there would be bad freelancers with the skills to figure that out by searching for the client username (where some clients choose a username which is close to their website name/emails, etc.).

Also, you have to give us the option to disable viewing of our profile link (make sure to remove that from the HTML DOM as well).

What can that lead to?

  1. Anyone can crawl the Upwork community to obtain freelancers' usernames and profile unique IDs.
  2. Crawling all freelancers' profiles to obtain information such as total jobs, skills, bio and so on.
  3. Cracking a freelancer's password using his username.

Also, please ask the Security Team to make sure that if a freelancer accessed his account using the username instead of the email address, any attempt to add a new withdrawal method must be reviewed. That's in order to get rid of the issue which a lot of freelancers reported, where a hacker gained access to their account and was able to withdraw the earnings without verification.
1 REPLY
6bfcdaf8
Community Member

Already discussed; freelancers' usernames are not considered private information.
