Definitely some schadenfreude going on here. My only problem with this story is that he didn't directly inform the app powner before going public. I think that regardless of who the targets of a security leak are, you should still be a professional security researcher and do responsible disclosure (with some caveats around exposing criminality, oppression, etc... but which do not apply here).
1 comment
[ 4.3 ms ] story [ 15.3 ms ] thread