|
|
|
|
|
|
by pserwylo
3134 days ago
|
|
|
What you have described makes sense only if they were originally hired as penetration testers. I think an external hack of this nature, even if done by white hat hackers, should rightfully be treated differently. Having said that, you raise an interesting point, because if this money was paid as a bug bounty, then perhaps the lines would be blurred again. I guess the difference is that a bug bounty would have more clearly defined parameters about how far the hack should go. Logging into AWS using credentials that were found lying around, then continuing on to download data, seems like it is beyond the realm of reasonable bug-bounty hunting and responsible disclosure. |
|
|