Security Researcher Discovers Critical Data Vulnerability in Sports Insurer Portal, Faces Legal Threats Instead of Cooperation
By toomuchtodo · 3mo ago · 12 min read
Summary
A diving instructor and platform engineer discovers a critical security vulnerability in a sports insurer's portal during a dive trip, exposing personal data including minors' information. When attempting responsible disclosure, the organization responds with legal threats instead of fixing the issue. The article details the vulnerability discovery process, the ethical dilemma of responsible disclosure, and the concerning corporate response prioritizing legal defense over security remediation.
Key quotes
What I found was so trivial, so fundamentally broken, that I genuinely couldn't believe it
What happens when you responsibly disclose a critical vulnerability exposing personal data - including that of minors - and the organization responds with legal threats instead of a thank you?
I'm a diving instructor. I'm also a platform engineer who spends lots of his time thinking about and implementing infrastructure security. Sometimes those two worlds collide in unexpected ways
