this post was submitted on 28 Jan 2024
54 points (98.2% liked)
Well if that isn’t a great way to ensure nobody comes forward when they find major vulnerabilities, idk what is.
Hope he wins the appeal.
It looks like the charges are from using the credentials they found, not just for finding them. It's definitely a crap charge because logging into the DB exposed the wider issue of being able to access other customers' records.
The only thing I see they did wrong was to disclose the vulnerability before waiting for a comment from the software company.