by jcims 376 days ago
Nobody is forced to participate in a bug bounty. If you don't like the rewards, don't do it. There's a limit to the financial viability of these programs.
3 comments

If the bug bounty program doesn’t pay out much, there will be plenty of less reputable actors happy to pay more
Who's talking about participation? We can be appalled by their business practices as their customers (actual or potential). These are the same companies that tell us that our privacy and security is their #1 concern, and use that justification to take away our rights "for our own good", but when there's a real threat they address it with a business-casual equivalent of "fuck off".
This is why there need to be strong fines associated with such security issues. That would provide financial viability enough.

Even if the issue wasn't abused, it looks like data already leaked.