I'm wondering how it's possible that step 6 happened, not what the motivations are. It's written in multiple places as if database queries were issued after the database was taken down.
I think the data he discloses in the post is the one that he got before getting in contact with the company. He does this in order to prove that the database was accessible to anyone on the internet, instead of the "no breach at all" claimed on the response email.
He writes as if he has access to large quantities of data after the CEO responded to him, which implies that it was after the exposed database was fixed, as the author acknowledges in the email he sent to the CEO.
No, I did not query the database after it was exposed.
The information I had was from when the database was publicly exposed.
I don't want to be too specific about the links for the files, as I don't know if others accessed this information and could exploit it, but they had the website path to download the files exposed on the database; you just needed to know what to add to it. I tried a few things from the information I had and found out they worked.
I would have probably skipped over this, but after their response I wondered if there was more to it.
The files were not stored on the database; they were on a cloud storage, but that link made it so no authentication was required to access them (not an expert, but would say some hard-coded access keys or something similar).
To which the CEO was rude and dismissive and threatening. Which is often a sign of having something to hide. I assume the author decided to then verify if the threats were made from a position of strength or weakness.
I read his email as a polite gesture, giving them a chance to request more time. I'm still confused as to what parts you're missing. Are you trying to imply something, or do you really not understand that people can lie and withhold information?
> The email was read by someone, I assume the CEO, and less than an hour after it was sent, I could not connect to the exposed server anymore.
This was after the author’s first email, and before the CEO’s reply.
What tptacek was getting at is that the article is a bit unclear on when the review of DB contents occurred, since the author no longer had access. (But I think it’s just because the author reviewed the contents already before they reported the issue.)