You must log in or # to comment.
Well if that isn’t a great way to ensure nobody comes forward when they find major vulnerabilities, idk what is.
Hope he wins the appeal.
It looks like the charges are from using the credentials they found not just for finding them. It’s definitely a crap charge because logging into the DB exposed the wider issue of being able to access other customers records.
The only thing I see they did wrong was to disclose the vulnerability before waiting for a comment from the software company.