by eb0la
2939 days ago
Under GDPR they must disclose to their users this security problem because they could have a potential data breach. This situation should be handled by the Data Protection Officer (DPO) the company must have either a) on payroll or b) as contractor. If I were you, I would report this anonymously to avoid being sued. Even better: talk to your lawyer and ask him/her to report anonymously the incident for you. I have been in court as a designed expert and the concept of accidentally discovering a vulnerability is hard to explain to law people. Other developers / security people will understand it, but DPOs are usually lawyers that report to the board that is composed of lawyers...