• Apathy Tree@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    23
    ·
    10 months ago

    Well if that isn’t a great way to ensure nobody comes forward when they find major vulnerabilities, idk what is.

    Hope he wins the appeal.

    • Funkymatt@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      10 months ago

      It looks like the charges are from using the credentials they found not just for finding them. It’s definitely a crap charge because logging into the DB exposed the wider issue of being able to access other customers records.

    • xinayder@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      The only thing I see they did wrong was to disclose the vulnerability before waiting for a comment from the software company.