We made all projects private in our GitLab installation. But I discovered that it is possible to see a set of meaningful data about a user just by appending his login name to the URL of the GitLab installation. No need to log in: it is visible to the whole world. For instance, if our GitLab URL is https://our.gitlab.com, it is enough to go to https://our.gitlab.com/userloginname to be presented with information about the user userloginname.
How to prevent this?