How to disclose an exploit without causing harm?

Hello, I created a post here some days ago regarding a company who will not respond to my emails that explained how their entire database was wide open. Since then, I evaluated everyone's advice and determined that I should indeed disclose the exploit since the company is doing nothing about it. However, the database contains around 50,000 entries alone in the user table (containing emails and passwords). How do I properly disclose the exploit but ensure that the sensitive data remains safe?

EDIT: The exploit in question is an SQL injection

submitted by /u/p0xq
[link] [comments]

from hacking: security in practice https://ift.tt/YBtCMfN

Comments