by paulannesley
2112 days ago
> Who's out there that would exploit this because they thought $50,000 wasn't worth it, but would change their minds for $1,000,000? […] people who just like to cause chaos, and state-sponsored actors […].

Makes me think of the recent Twitter account take-overs. The amateur attackers acquired access which could have caused enormous damage, and used it to scam ~$100,000. The difference between $50k and $1m in bounty could have turned them towards responsible disclosure. (That said: they probably hoped to scam much more. And they got caught. And the way they obtained access was probably way out of the scope of a bug bounty program / the law.)