

Vulnerable Application – How to let them know? - johndow

I&#x27;ve found that a site is extremely vulnerable, to a point where i was able to look into the database.<p>that website collects payments as part of their product and now they have thousands of credit card numbers, expiration, cvv stored in the database. also they store users email addresses and passwords in plain text.<p>how do you let them know without getting in any kind of trouble or them knowing who you are?<p>i fear for the people who have their credit cards and information stored there and if this falls into the wrong hands it can leads to a disaster.<p>i am talking about 40K credit card numbers 34K+ are not expired.
======
b6
I'd either let them know in a straightforward way (email or use contact form
to ask how to report a security issue), or not let them know, but I wouldn't
try to let them know while hiding my identity. Too much could go wrong.

Who knows, your good deed _could_ end up getting you in some trouble. But it's
true of any good deed you'll ever do in your life. You can't let the risk of
being harmed stop you.

------
Mimu
These people will most likely not be able to track you down though. Assuming
they didn't make their website vulnerable on purpose.

