Major flaw in 'Fog of War' variant implementation

rathirohit

Hello Chess.com community,

I am writing this post to spread some light on how easy it is to hack and cheat in the Fog of War variant for someone with good enough knowledge of web development.

Before I go ahead, I would like to clarify that I disclosed this issue in full detail to the Chess.com team over email 3 months back and the issue is still not fixed. I also didn't receive any estimated date by when it will be fixed.

Understanding how easy this hack is, I am expecting a few players on Chess.com might already have been exploiting this in the wild. So I thought it should be disclosed in front of everyone here on the forum.

To avoid further escalation of this hack, I will not be sharing any technical details here publicly on how this can be achieved. Just attaching a Proof of Concept video here to prove the hack.

By exploiting this flaw, anyone can see all of the opponent's moves in real time while the game is going on. This literally bypasses the core feature of the Fog of War variant.

(Note that I created my own test account for testing this PoC and never used this exploit against any real opponent.)

The second board on the right of the screen is injected by my own browser extension created for the PoC, which uses the flaw in the game to get the opponent's moves as they happen and relay them on the second board.

I request the Chess.com team to look into this issue as it spoils the fun for all other genuine players who are interested in the Fog of War variant (including me). I am willing to help with any further details and on technical fronts, if required.

Regards.

25GSchatz22

This is more of an exploit for beginner players. GMs can see all of this in their heads.

Jeremy1983007

No wonder I play some people and the only way that they would know where I was at is being able to see my pieces, and these players are not rated very high at all. My score has gone way down lately, this must be the cause. How can I go from almost 1900 to 1750 in two days... Chess.com, please fix.

jjthejetplane246

My friend noticed a bug where the screen flashed and showed the whole board for a split second. I assumed there was some issue with piece placements being sent to the client, so I looked into it and was able to recreate this hack on my own.

BroderickHarvey

I just had a connection error in a game and when I reconnected, the piece my opponent had just moved was visible for a fraction of a second. I knew he had a piece there, but I hadn't known it was a knight. Definitely still errors here.

Cr4zyFl4mes

Ok, that is ridiculous. I haven't looked into the technicals (nor will I) but if they are sending the information about what's behind the fog to the client in any way... well, that is a pretty rookie mistake. I understand it takes a bit of time to fix, but I don't understand the lack of communication with you on this.
Thx for shedding some light on this. FoW is my favorite variant and it would be a shame if this didn't get fixed.