Kevin Beaumont on Nostr: Ridiculous situation playing out at Teammate App, maybe a Pwnie Award nomination in ...
Ridiculous situation playing out at Teammate App, maybe a Pwnie Award nomination in the making.
- Researcher responsibly discloses an open MongoDB database with no security at all - no authentication
- The Teammate CEO emails the researcher and claims no breach is possible and behaves really unprofessionally
- The company emails their customers after public disclosure and tries to pretend the researcher is a criminal hacker and hide behind law enforcement
https://jltee.substack.com/p/response-to-teammate-apps-notification-and-disclosure
- Researcher responsibly discloses an open MongoDB database with no security at all - no authentication
- The Teammate CEO emails the researcher and claims no breach is possible and behaves really unprofessionally
- The company emails their customers after public disclosure and tries to pretend the researcher is a criminal hacker and hide behind law enforcement
https://jltee.substack.com/p/response-to-teammate-apps-notification-and-disclosure