Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Help disclosing serious bank website exploit
3 points by bank0day 49 days ago | hide | past | favorite | 2 comments
I uncovered a massive bug that allows anyone to access a customer's PII at a US bank.

I checked HackerOne and they don't have a bug bounty program. What's the appropriate way to report this?

I wasn't doing any pen testing, I accidentally uncovered this exploit while using the website as a customer. This is a massive bank that doesn't have a history of acting ethically.

Try reporting it through CERT: https://www.kb.cert.org/vuls/report/

Thanks. I ended up emailing directly, just posted an update. It's fixed now.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact