Heh, I recently reported a bug to a pretty big healthcare company where I could simply increment the integer ID in the URL and see other patients' info.
Didn't get so much as a "thank you". At least they fixed it. But I'm sure they have other vulns given how stupid this one was...