(alexschapiro.com)

560 points bearsyankees | 1 comments | 12 May 25 16:39 UTC | HN request time: 0s | source

Show context

xutopia ◴[12 May 25 16:57 UTC] No.43965126[source]▶

That's crazy to not have responded to his repeated requests!

replies(3): >>43965190 #>>43965227 #>>43965306 #

benzible ◴[12 May 25 17:04 UTC] No.43965190[source]▶

As someone managing a relatively low-profile SaaS app, I get constant reports from "security researchers" who just ran automated vulnerability scanners and are seeking bounties on minor issues. That said, it's inexcusable - they absolutely need to take these reports seriously and distinguish between scanner spam and legitimate security research like this.

Update: obviously I just skimmed this, per responses below.

replies(3): >>43965283 #>>43965303 #>>43965441 #

1. sshine ◴[12 May 25 17:13 UTC] No.43965303[source]▶

>>43965190 #

They already met with him and acknowledged the problem. So their lack of follow-up is an attempt to push things under the rug. Users deserve to know that their data was compromised. In some places of the world it is a crime to not report a data leak.

↑

I hacked a dating app (and how not to treat a security researcher)