Hello Mastodon! I haven't really posted anything here since I'm socially awkward but I come with a cry for help.
I am not a security professional (although I strive to be), just an engineer, so I need some advice. I found an unprotected endpoint on one of the sites I use daily for my business that allows read access to all documents, regardless of who they belong to. I disclosed the vulnerability to the company that owns the platform and their dev team is already working on a fix. The thing is, their OpSec is pretty much non-existent and I lack the knowledge to know what to do here. Is this something that should be disclosed to the public after it's patched? I also want to recommend they check their logs to see if someone has exploited this before, but I lack the confidence lol.
Could anyone tell me how I should recommend they handle this? Is this maybe something I should NOT do?
Thank you lovely people :)
#opsec #redteam #vulnerability #disclosure #infosec
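The "check their logs" recommendation in the post above can be turned into something concrete. The following is an added example, not code from the poster or the platform in question: it scans web access logs for clients that read many distinct document IDs, or a long consecutive run of IDs, which is the footprint an unauthenticated bulk read of an endpoint like this would leave. The log format, the `/api/documents/<id>` path and the thresholds are assumptions, and the sample lines are constructed for illustration.

```python
"""Flag clients that enumerate document IDs in web access logs.

Added example (not part of the original post). Assumed log format, one
request per line: "<client> <method> <path> <status>". The path pattern
/api/documents/<id> and the thresholds are assumptions too.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
DOC_RE = re.compile(r"^/api/documents/(?P<doc_id>\d+)$")


def parse_document_reads(log_text):
    """Yield (client, doc_id) for each successful GET of a document.

    Malformed lines, non-document paths, non-GET methods and non-200
    responses are skipped rather than raising.
    """
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        if m["method"] != "GET" or m["status"] != "200":
            continue
        d = DOC_RE.match(m["path"])
        if not d:
            continue
        yield m["client"], int(d["doc_id"])


def longest_sequential_run(ids):
    """Length of the longest run of consecutive integers among the ids."""
    ordered = sorted(set(ids))
    best = run = 1 if ordered else 0
    for prev, cur in zip(ordered, ordered[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def flag_enumerators(log_text, distinct_threshold=10, run_threshold=5):
    """Return {client: stats} for clients whose reads look like enumeration.

    A client is flagged when it read at least distinct_threshold distinct
    documents, or walked a consecutive ID range of at least run_threshold.
    """
    per_client = defaultdict(list)
    for client, doc_id in parse_document_reads(log_text):
        per_client[client].append(doc_id)

    flagged = {}
    for client, ids in per_client.items():
        distinct = len(set(ids))
        run = longest_sequential_run(ids)
        if distinct >= distinct_threshold or run >= run_threshold:
            flagged[client] = {
                "requests": len(ids),
                "distinct_ids": distinct,
                "longest_sequential_run": run,
            }
    return flagged


# Constructed sample log: two ordinary users, a malformed line, an
# unrelated path, a denied request, and one client walking IDs 1000-1012.
SAMPLE_LOG = "\n".join(
    [
        "10.0.0.5 GET /api/documents/1041 200",
        "10.0.0.5 GET /api/documents/1042 200",
        "10.0.0.5 GET /api/documents/1041 200",
        "10.0.0.5 GET /api/profile 200",
        "10.0.0.7 GET /api/documents/2201 200",
        "10.0.0.7 GET /api/documents/2202 403",
        "this line is not a valid log record",
    ]
    + [f"203.0.113.9 GET /api/documents/{i} 200" for i in range(1000, 1013)]
)


if __name__ == "__main__":
    for client, stats in flag_enumerators(SAMPLE_LOG).items():
        print(client, stats)
```

Real access logs also carry timestamps and, where available, the authenticated user or session; keying on those and counting within a sliding time window gives fewer false positives than the per-client totals shown here, and a legitimate crawler or bulk export will need to be excluded explicitly.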