[shitter]

I imagine the conversation between the CEO and his reports included something about "it's no biggie, the passwords were hashed using bcrypt, that's like irreversible encryption" without contextualizing that and mentioning that plaintext auth tokens were also exposed.

[badmintonbaseba]

I think it was downplayed even more. Supposedly the initial email by the researcher only had evidence for leaking database sizes, and I think it's likely that the CEO only got confirmation for this evidence internally and nothing more.

[JayeLTee]

Although I say:

"This server contains over 3,8GB of data exposed including the logins for 16,500 of your users and a lot of PII and credentials, you need to secure access to the server as soon as possible."

After all that transpired after etc I believe it's possible someone downplayed the severity of this to the CEO and he took that as an opportunity to ignore everything I wrote on the emails and reply that way to me assuming I was some cybersecurity vendor working for "Proton" trying to push something for the company to buy.