Originally Posted by
matronyx
I was the one that raised the issue of how this was handled by the op.
Note, the information is valuable, I do not think anyone is disputing that. I took it from the standpoint of making sure of having individual username/passwords for sites. I even thanked the op for the info.
How technically accurate the perceived vulnerability is.... I don't know don't care.
Now comes the point...
I made reference to something being left unsecured, unknowingly or otherwise, and instead of alerting the owner first and foremost a general broadcast is made in the guise of being "helpful".
Can you imagine persons now that didn't bother to even check the security of shopinja getting curious and doing what the average script kiddy does "Mek mi go try it!!".
How is this helpful to the owner of that site or the persons who have not been able to change their passwords in time.
Firs't steps of a whitehat is to alert the site owners then escalate or move on, not expose to john public and create widespread panic and spreading of fudd.
Be responsible for what you post.