Hacker News
by greenyoda 2411 days ago
Did you actually try accessing the API endpoint to confirm that it was returning customer data? If so, you may have violated the federal law that forbids people from "exceeding authorized access" to a site. So unless the company has a formal "bug bounty" program that explicitly says that they're OK with people poking around on their web site, you should probably forget you ever saw this. Someone in the company might turn you over to the FBI to cover up their own mistakes. It's just not worth the risk. (Yes, people have actually been prosecuted over stupid things like this. Sorry, I don't remember the details of the case.)