|reply to Austinloop |
Re: Blaming the victim
What AT&T deserves is to lose customers/be fined for such a poor job of securing personal data (an actual legal requirement)
That however does not excuse this pairs actions, discovering the hole wasn't nessesarily illegal but continously exploiting it beyond a basic "can I reproduce it?" might be, and discussing and eventually trying to crash the stock definately is.
Not promptly disclosing it to the company once they understood of it's importance removes any chance of being classifed a Researcher and the long delay, and eventually disclosure method bring Hacking with criminal Intent into play.