Hi everybody,
Today I've found out that one of these new fancy tech startups that do fitness is leaking private emails of their employees. I would like to report the vulnerability to them, along with how to reproduce it. They do not have a bug bounty in place and they are located in the EU.
I'm not sure how to approach them and how to ask for compensation. I would be more than happy to settle for a free yearly membership of their top tier plan (worth 1.3k$) in order to burn some kcal accumulated during the lockdowns.
Do you think it is possible/reasonable to ask for something like this? How should I approach them? Should I reveal the leak right away or should I first agree on the compensation?
from hacking: security in practice https://ift.tt/2TWlN12