Comment by PuffinBlue

I didn't keep details, sorry. It was late (UK time) and I was attempting to get my own response out the door.

I saw three domains directly myself with compromised details:

android-cdn-api.fitbit.com

iphone-cdn-client.fitbit.com

api-v2launch.trakt.tv

I saw data relating to Discord whilst on various cached pages when I was looking at the above domains.

The pages are no longer available in Google's cache so I can't link to them.

Some cached pages had data from multiple sites all together, it was a mess.