Ask HN: Worth following up? Publicly facing root passwords on a Fortune 100
8 points by JungleCats 1501 days ago | 9 comments
Hey there guys!
Sorry if this isn't the normal style for posts, I haven't been on here long.
Essentially, I recently found a publicly facing document which detailed ALL of the root passwords for a Fortune 100 company. (Amongst other things, it was an open directory which also included all of the staff VPN passwords, and other sensitive information including SQL backups.) I immediately reported this issue to them. I was told they would get back to me, and after reporting the issue I have sent multiple follow-up emails and have been selectively ignored. (I stumbled upon the root passwords completely by accident while looking around Google for information relating to an unrelated company.) They have now removed the documents in question (though they are still cached by Google). Should I let this go? I'm not sure whether it's worth pursuing. I don't want recognition, or hush money. I would have been content with a thank you, and I would have called it a day. Oh, and if it is relevant, I sent my first email on January 23rd.