Security Vulnerability of an MNC Detected
Blogged By: Low Hang Wei @ March 18th, 2009 - 10:42 am
When I was trying to automate some tasks with Microsoft Excel, I was exploring a website of an MNC in detail. As I was browsing through different pages and exploring different permutations of the URLs, I got a great surprise. I was able to see information of clients that I am not supposed to be able to see. I tried to load another page again to see if it is just my imagination or if I really found a security vulnerability. To my astonishment, I really could see information of clients.
I stopped immediately and reported the problem to the MNC through their contact form. However, imagine the potential damage it can bring to the MNC and its customers if someone else were to find it. For the MNC, the loss of goodwill will be strikingly fatal to the company and that is the reason why I did not reveal the name of the company. For its clients, can you imagine if your contacts are being sold to people? How much more irritating will telemarketing get? Additionally, that MNC holds some pretty sensitive information that most people would not want to be public.
I am very happy with the response of the company, since they tried to contact me within 12 hours of my notification. The next day, they contacted me again, so the response is pretty speedy. Now, I am curious about how fast they can resolve the issue and bring an end to this security breach before someone else exploits it.
I think this brings up an important point for businesses. Just because you spend multi-million dollars developing a system, don’t expect it to be secure. Security is a very important concern in the face of increasing demand for privacy, yet companies do not invest enough in making their systems secure.
Honestly, I feel that I should be rewarded for discovering that breach since it will be absolutely disastrous if someone with malicious intent found it instead of me. Realistically though, I know that it will be a pure dream for me to get compensated. For now, let’s see how long they take to resolve the issue.
Blogged Under: Random Thoughts, Business Development
