It’s always really funny when “security” companies have a centralized DB that grants tons of employees permissions to browse it. What were they thinking?
There are certainly some important lessons for us to learn here but, just for clarity, this wasn't one of them. The data access in question here was central to the individual's daily job responsibilities and done through systems explicitly built for this purpose.
8 comments
[ 2.7 ms ] story [ 35.4 ms ] threadCould have been much worse.
There are certainly some important lessons for us to learn here but, just for clarity, this wasn't one of them. The data access in question here was central to the individual's daily job responsibilities and done through systems explicitly built for this purpose.
-
So this former empd access was specifically to assess and triage threats???
This isnt a simple "person"
This is a pot that has already reached out far.
Only an idiot would say " yep this little security breach is plugged"
-- NUMErOUS
So where are his reachings?
That one sentence alon should cost careers of 'cyber consultants'
WHO
WHAT
WHY
WHERE
WHEN
lets go back to basics here folks...
JEASUS
Where is the list of "numerous" customers...
These will be one of those cases where the person will be surprised they landed in jail
None were marked as duplicates, so I dont think the employee tried to take credit for my work.
Im glad Hackerone decided to be transparent about this incident.