

Ask HN: How to report security flaw - lenzuola

<p><pre><code>  A website owned by a fortune 500 company sent me my plain text password when I clicked on &quot;forgot password&quot;. What is the proper way to report this, first privately then publicly?</code></pre>
======
stevekemp
Honestly I'd submit to
[http://plaintextoffenders.com/](http://plaintextoffenders.com/) and let them
find out indirectly.

The alternative is to email webmaster|security@domain anonymously and hope for
the best.

