So I've gradually opened up about this as the risk has decreased, but I think it's time I can publicly share something that happened to me this year:

I was part of an investigation into a possible violation of the CFAA. Or, more accurately, I was being investigated as a suspect.

TL;DR: I ethically disclosed a security vulnerability - SQLi leading to account info, plaintext passwords. That same issue was, according to the investigators, abused by someone (possibly me, they thought).

@LovesTha Yeah. I even got the classic line "I mean, *I* don't think it was you, but ..." -.-

In retrospect, the way things played out, it looks more like a due diligence check than a real threat to me, but the fact that it could have been "just" a due diligence check already speaks volumes about my keeping-the-nose-clean internet presence, workplace, etc.
