Firm calls cops on researcher for responsibly disclosing data leak

While white-hat hackers usually get paid for reporting flaws, this particular researcher was reported to the police after responsibly disclosing a data leak.


Normally, security researchers who find data breaches and vulnerabilities in organizations’ cyberinfrastructure are thanked for helping to make the company secure or are paid through bug bounty programs.


However, this particular researcher was reported to the police after finding a data leak in a company and informing the owner about it.


This also reminds us of the 2015 incident in which Wesley Wineberg, an independent security researcher participating in Facebook’s bug bounty program, managed to crack his way through Instagram's defenses and almost got complete control over the service.


Soon after the researcher disclosed the vulnerability to Facebook, the company threatened to sue instead of paying the reward he was due for his work.


As for the recent incident, the security researcher goes by the name of Rob Dyke; besides being a white-hat hacker, he is also an open-source advocate. In a tweet on March 8th, 2020, the researcher revealed that he discovered two public repositories on GitHub back in February 2021 and informed the owner of that data leak.


The repositories contained:


API keys
Usernames
Passwords
Application code
URLs of third-party embedded items

Following the standard procedure, the researcher decided to encrypt the sensitive data, store it, and keep a copy for a disclosure period of 90 days. In the meantime, he informed the data owners regarding the leak and helpin ..
