Not a journalist or reporter, my writing is not meant to be professional. You can read any other of my posts and see how I communicate and write about my finds, what I wrote here is in response to claims of harassment and threats to report me to Proton.
Those claims were made because of 2 emails I sent to the company, both of which I would say I was polite and quite the standard when it comes to sending vulnerability notifications to companies.
I provided the company every information they needed to fix the exposure and details that confirmed the exposure did exist on my initial email. Backed by the fact that less than an hour after my email, the database wasn't exposed anymore.
I then asked on a follow up email, because I did not get any reply to my initial email, if the company needed me to delay my publication so they could notify regulators/clients if that was their intent and that's when the CEO eventually replied and made those claims.
The CEO was provided with snippets of this publication that refuted his claims that the database wasn't exposed and still the CEO did not get back to me to retract any of his comments that I harassed them and nothing was exposed.
How can I check my own web app isn't exposing data like that?
Also, based on some of those email addresses used, all NZ blood testing labs are using this system... Yikes
mate... you might know what's going on more than this CEO but you certainly aren't more professional or mature than him
You've no idea, mate.
What are you talking about? Smurf account definitely defending your little buddies
Not a journalist or reporter, my writing is not meant to be professional. You can read any other of my posts and see how I communicate and write about my finds, what I wrote here is in response to claims of harassment and threats to report me to Proton.
Those claims were made because of 2 emails I sent to the company, both of which I would say I was polite and quite the standard when it comes to sending vulnerability notifications to companies.
I provided the company every information they needed to fix the exposure and details that confirmed the exposure did exist on my initial email. Backed by the fact that less than an hour after my email, the database wasn't exposed anymore.
I then asked on a follow up email, because I did not get any reply to my initial email, if the company needed me to delay my publication so they could notify regulators/clients if that was their intent and that's when the CEO eventually replied and made those claims.
To note also that before this publication went live, the CEO was also contacted by a journalist: https://databreaches.net/2025/02/24/no-need-to-hack-when-its-leaking-monday-edition-teammateapp/
The CEO was provided with snippets of this publication that refuted his claims that the database wasn't exposed and still the CEO did not get back to me to retract any of his comments that I harassed them and nothing was exposed.