1. 25

  2. 3

    I’m glad they did close it. Some just don’t bother. A particularly outrageous case from my practice: I’ve found an online store whose database backups were publicly available, complete with customer names, shipping addresses and order information. They closed it eventually, but I never even received a reply to my messages.

    1. 2

      Sadly I get the same thing probably 50-60% of the time. Zero acknowledgement and it remains open, or zero acknowledgement and it just silently gets fixed (which is fine, at least they fixed it).

    2. 1

      I just hope they paid you after all :)

      (Yes, this might sound weak, but it’s also a very important aspect of security research and disclosure etiquette)

      1. 3

        They didn’t. I didn’t ask and they didn’t offer. The only thing that was exchanged here was emails back and forth. :)