A user enumeration technique discovered by security researcher Carlo Di Dato demonstrates how Gravatar can be abused by web crawlers and bots for mass collection of profile data. A hidden API route in the service enables anyone to obtain a user’s JSON data by simply using the profile “id” field. The danger of this kind of issue is that a malicious user could download a huge amount of data and perform any kind of social engineering attack against legit users. The data is already public on Gravatar users’ profiles.
Source: https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/
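
From the service operator's side, this kind of id-based harvesting shows up in access logs as one client requesting long runs of consecutive profile ids. The detector below is an added example, not code from Gravatar or from the researcher; the route shape `/profile-by-id/<n>.json`, the log format, the thresholds, and the assumption that the id is a number that can be walked in order are all hypothetical, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Hypothetical route and log format: the page does not give the real path.
ROUTE = re.compile(r'^(\S+) "GET /profile-by-id/(\d+)\.json')


def flag_enumerators(lines, min_ids=5, min_seq_ratio=0.8):
    """Return {client: (distinct_ids, sequential_ratio)} for clients that
    fetched many distinct profile ids, most of them consecutive."""
    ids_by_client = defaultdict(set)
    for line in lines:
        m = ROUTE.match(line)
        if m:
            ids_by_client[m.group(1)].add(int(m.group(2)))

    flagged = {}
    for client, ids in ids_by_client.items():
        if len(ids) < min_ids:
            continue  # too few lookups to call it enumeration
        ordered = sorted(ids)  # sorting also catches out-of-order walks
        steps = sum(1 for a, b in zip(ordered, ordered[1:]) if b - a == 1)
        ratio = steps / (len(ordered) - 1)
        if ratio >= min_seq_ratio:
            flagged[client] = (len(ordered), round(ratio, 2))
    return flagged


# Constructed sample log lines (documentation IP ranges, invented ids).
SAMPLE_LOG = (
    # one client walking ids 1000..1007 in order
    [f'192.0.2.10 "GET /profile-by-id/{n}.json" 200' for n in range(1000, 1008)]
    # a client with only two lookups
    + ['198.51.100.7 "GET /profile-by-id/4821.json" 200',
       '198.51.100.7 "GET /profile-by-id/17.json" 200']
    # a busy client whose lookups are scattered, not sequential
    + [f'203.0.113.5 "GET /profile-by-id/{n}.json" 200'
       for n in (5, 900, 42, 77731, 310, 12)]
)

if __name__ == "__main__":
    for client, (count, ratio) in flag_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {count} distinct ids, {ratio:.0%} consecutive")
```

A per-client check like this misses a crawl spread across many addresses, so it is best paired with a global rate limit on the id-based route.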

