Ask HN: How to warn a company about the security issues if they refuse to listen?
9 by system2 | 3 comments on Hacker News.
Hello all,

While I was visiting a client, I found out a neighbor has a massive security problem with their online services. It was by luck; I didn't even use hard tools to find it. I am sure real foreign hackers wouldn't stop where I stopped after seeing everything by luck. I didn't do anything malicious, and didn't even try to penetrate them, as I am afraid of any kind of legal responsibility. This company is working with very large enterprises, as well as the government/defense, etc.

I tried to contact their executives via LinkedIn (3 people) and got no response. I sent 5 emails to their executives after finding their email addresses from various business listing sites. Only one answered my detailed email, saying: "I will forward this email to our IT, if we need your help, we will let you know." And this person didn't even ask for the details, nor reply to my emails any further.

It has been 2 weeks, and they haven't done anything about the security issues they have with their software. Their incredibly loose system allows:

- local network and all computers
- backups
- every client they ever had
- client invoices
- manipulating data of orders and machines
- their core software database, with full read/write possibility with no restriction or logging
- most importantly, all of their connected client's local IP addresses and so on.

I sent them another email today; they seem to ignore it. I am extremely baffled that a company can ignore such a warning and not take action.

What should I do? I wasted enough time typing them detailed emails.