IMO the thing to do hypothetically is email and CC the news desks of the most legitimate newspapers you can think of with a link to the data.
They will all run the story because if one of them will and the rest dont want to miss the train and they will all reach out to the company asking for comment after they document and verify that the data was publicly available.
This wont do anything. oh no, a news story from some also corrupt org. Oh No! a data breach! can I offer you one month of identity monitoring in this trying time?
Honestly, if I stumbled across open/vulnerable data like that I wouldn’t know where else to post that anonymously. 🤷♂️
4chan wouldnt be it. Maybe breachfourms om the darkweb.
Then you can go on the clear web and pretend to be a random user who happened to see the post and then post that somewhere.
Why? Nothing the user that accessed this did was illegal. Like here’s an open s3 bucket… Can’t prosecute me for that.
Security through obscurity has unfortunately been a successful argument in the past.
https://en.m.wikipedia.org/wiki/United_States_v._Swartz for a specific example. While he committed suicide before it was resolved it does show the kind of hammer that can be brought down from accessing public info
yeah but why even give them the chance to try
IMO the thing to do hypothetically is email and CC the news desks of the most legitimate newspapers you can think of with a link to the data.
They will all run the story because if one of them will and the rest dont want to miss the train and they will all reach out to the company asking for comment after they document and verify that the data was publicly available.
Emphasis on anonymously.
I mean how anonymous you need to be depends entirely on how legal the method you found the data is.
This wont do anything. oh no, a news story from some also corrupt org. Oh No! a data breach! can I offer you one month of identity monitoring in this trying time?