🇳🇿 100,000 customers got their data exposed publicly for months.

Newfold Digital told me I'm not allowed to disclose this and Bugcrowd told me my account might get banned if I do.

I've talked about this incident before in some posts here but never gave the full story. It's out now:

https://jltee.substack.com/p/risk-a-ban-by-alerting-100000-people

#cybersecurity #infosec #leak #dataleak #bugbounty #scambounty #bugcrowd #newfold #newzealand

Risk a ban by alerting 100,000 people their data was exposed? It was an easy choice.

I got put into a Private, invite-only, Non-Disclosure Program by submitting a form to Newfold; you get to read this post instead.

The Hub of Stupi.. *misconfigs

Bug bounty program tips to avoid accountability:

Create a form on your website to report vulnerabilities and make it so every report is instantly added to a "private" non-disclosure program on Bugcrowd.

Now if the researcher wants to disclose anything you don't want to, they'll have to risk getting banned.

Hint: I don't care at all about the account I created just to help AFTER I reported it. My post will come later this week 😂

#cybersecurity #infosec #scambounty #bugbounty #nondisclosure