2016-03-27 at 3:24 AM UTC
If I were in the process of pulling full information (full name, social security number, date of birth, driver's license, and other personal info) from a database in which I have found a security hole, and I have at least three to four more databases like it to pull information from, each containing anywhere from 500k to 1 million individuals' personal information, in what way should I report the info after I have finished pulling the data?
My plan so far is to yank all of the data, and then on a special day that has some specific meaning (like 4-20, but that may be too soon due to myself finding more databases), report the security holes in detail to the administrators and at the same time, post a list of these websites on different forums so that others can take a stab at these websites themselves and possibly find the same security holes that I've found. This will give others a short time frame to find the same holes I've found and pull out some data for themselves.
What other ways of reporting these would make a big splash effect?
2016-03-27 at 6:47 AM UTC
If the admins are smart and the vulnerability is critical, I'd assume they'd just take their servers offline while they roll out a fix. Just report to the admins and at the same time release the dump including the vuln on the chans for maximum exposure and lulz.
2016-08-27 at 4:03 AM UTC
Well some of these have obviously been reported. lulz