this post was submitted on 18 Jul 2023
This is an automated archive.

The original was posted on /r/cybersecurity by /u/Stock_Manufacturer77 on 2023-07-18 00:57:18+00:00.


I'm a cyber security researcher hobbyist and I have stumbled upon a significant security issue. I've found not just one unsecured service on the host of this particular big company but freakin' two out of two on one of their hosts. I saw their fully functioning system/workflow that hosts thousands of highly sensitive, super confidential documents and non-disclosures. I may have seen only 5% of these documents and I'm already truly shocked. Most are worldwide extremely well-known, influential companies and organizations, both commercial and governmental, from all over the world. To say the least, this is a very serious concern.

The second service I found on that particular host was an application that allowed me to simply create an account with full admin privileges, allowing anyone to access, manipulate and delete a considerable volume of significant documents. If their security is this poor, I would even believe this is their only backup. The unbelievable irony is that the company behind this unsecured information touts itself as a secure platform for certain documents and states: "Even your most sensitive documents are in very secure hands with us."

Normally I would contact the particular company straight away, but it grinds my gears that they don't give a damn about those companies' trust and confidentiality (based on the cheap security tools and their ridiculous statement), and their invoices aren't lying either. These companies pay shocking amounts of money for this. My intention right now is to profit as much as possible from this situation, by finding the right way to approach this huge matter. Given the gravity of the situation, I'm looking for advice on the best course of action.

I would greatly appreciate any guidance from experienced cybersecurity professionals or individuals familiar with handling such situations. I'm open to collaborating with a reliable party to manage this situation as effectively as possible to get the most out of it.

Thanks in advance for your time.

no comments (yet)