DuckDuckGo disclosed a potentially nasty flaw in its server-side software DuckDuckPwn (almost) February 2, 2019 https://www.theregister.co.uk/2019/02/02/security_roundup_010219/
I wonder what adversaries could have downloaded. I mean, DDG doesn't log stuff, right? So what would they have that's "sensitive"?