by JayeLTee 484 days ago
OP here, the one who found the exposed data.

Not sure if you read my 2 emails to the company but I would say I was polite to them and was met with accusations of harassment and straight up lies.

Don't expect me to pat you on the back if you come at me with such claims when I simply alerted you of a security issue.


Welcome to Hacker News. Thank you for the post and your advocacy.
I don't think you get to call yourself polite or well-meaning when you pan them and air their shit out publicly after they respond in a way you don't like. Maybe you were superficially polite, but you do not come across as an angel. I _still_ don't know exactly what your goals are, if you're looking for acknowledgement, payment, or just trying to make the Internet a safer place for users.
I think the around 50 public disclosures I did in the last year where I asked 0 times for anything kinda show I'm not looking for any payments.

There is a huge issue regarding publicly exposed data that no one seems to want to acknowledge or talk about. What you see online? It's 100 times worse.

I'm someone who is trying to raise awareness through my finds, nothing else.

Also, I was initially polite to the company, not once but twice, as I am to anyone who I reach out to. Why wouldn't I be? I want them to fix the issues, not ignore me.

Don't expect the politeness to be infinite though, especially when you start accusing me of harassment and lying about the severity of the exposure that affects thousands of people, the ones I DO care about, not the companies.

Sure you do. The poster was polite, got an extremely rude response, and has no obligation to be polite afterwards.

Airing their shit out is a disclosure of a vulnerability, and it's important to do. Typically you reach out to say, "how would you prefer I do this?" And work through a common understanding. The company flipped the bird, so it got aired very publicly.

I can call myself a bicycle but I don't have any wheels.

Their behavior when things don't go their way belies their initial "politeness". When the transaction didn't go how they wanted, they pulled the trigger on being a dick, publicly. That is a much worse offense than an impolite email. If this were a coworker or a contractor, it would color all of my interactions with them going forward.

> they pulled the trigger on being a dick, publicly. That is a much worse offense than an impolite email.

brain dead take; the article was impolite, the email was an overt threat by an impotent exec *in response to someone trying to help*!

Dang it Bobby, it's not worse to respond to asshattery (the email) with irreverent sunlight (the article).

I also wouldn't call you a bicycle because you're not going anywhere with this attitude. The CEO got a gift, and the author got a middle finger. No matter what happens after, the CEO without a doubt shot first. And shot someone just trying to help. He can get fucked, and anyone defending him can join in too.

I'm not defending him so much as advocating for understanding, grace, transparency, and de-escalation. You of course are welcome to conduct yourself in the ways that you see fit.
> I'm not defending him so much as ...

Nah, it's clear to me that you're defending the CEO, and blaming the researcher. In a manner that's as you state is just my opinion, is inverse from what justice would be.