50
In addition to letting the website owner know about the issue, I would reach out to Troy Hunt with your evidence, so the data can be loaded into Have I Been Pwned and the affected people notified.
Based on the description this seems to be improper authorisation. An authenticated user can access data that it's not supposed to (I assume you need to log in to see the data). The site in question should have a security contact where you can send your proven finding. Something like security@company.com or cert@company.com. They will usually require GPG encryption so the misconfigurstion you are reporting is not snooped (the attachment should be enough).
Make sure you check for a security.txt file (typically /.well-known/security.txt), they should have the most up-to-date information in there.
Email is always a traceable identification if you don't use an mail with alias features or front-end..
If the website in question belongs to a tech/hardware company, you could consider reaching out to Gamers Nexus (after you've given the owners of the site a reasonable amount of time to address the issue). They've published this kind of stuff in the past.
I appreciate this post, but this is also a lot of "trust me, bro" to....well, trust.
@hansolo Well, I can't really share more details without compromising the privacy of thousands of people who didn't ask for anything! I don't really know what else I can tell you? If the website does not fix it then I can disclose the vulnerability, but since there are accounts dating back to 2009 the code base must be super old and hard to fix so I'll give them some time.
Sure, I get that. But I can also just as easily say the same thing and claim it is one of the largest companies in the world.
You are 100% corect that we should not trust companies with our data. No argument there. Please just realize we might have some skepticism.
@hansolo Well it is not one of the largest companies in the world, I can tell you that. You don't really have to trust me (but why would I post it if that wasn't true?)
but why would I post it if that wasnโt true?
Dozens of reasons, really. People do irrational stuff all the time.
@hansolo Well, don't trust me then. I'm just a random person online after all! I'm not going to fight to prove something that I know happened, that would just be a pointless argument and a waste of time, I think.
I'm not making any argument other than why you may experience some skepticism.
Is this AI? Something feels off.
That's not very similar to how AI typically writes, at all.
@CodenameDarlen I'm glad I write well enough to be confused with AI but no, I haven't even used any em dashes! ๐
Hey... I use alot of em dashes in my notes and I really like em ! I hate that everyone associate em-dashes with ai written stuff (even if it's true !)
Rantoff
Ya, I was thinking about using more em-dashes because there neat, then AI took off
Seeing your profile you manifest an exclusive behavior like using hashtags and tagging communities very often on posts and comments, it seems something only an AI would care about. Too much correctness.
@CodenameDarlen It's because I post on mastodon : My instance is furries.club (check my username) and that's a Mastodon instance that works with hashtags to find posts. Instead of writing the same post multiple times, I use instead the ๐ถ๐ช๐ฐ๐ฒ๐ฌ ๐ธ๐ฏ ๐ฏ๐ฎ๐ญ๐ฎ๐ป๐ช๐ฝ๐ฒ๐ธ๐ท to write the post only once with hashtags and by tagging the Lemmy community so that it also gets posted there, and people who comment in one platform will also have their comment show up on the other platform.
Peak use of technology
Whenever you see a user starting their reply with a tag for the user they're replying to, you're interacting with a threadiverse user, usually mastodon or pixelfed
Not in all cases actually, as is shown by this reply! Mastodon just defaults to including the @ of the person you are replying to, so they get a notification, but it works without!
this post was submitted on 06 Mar 2026
50 points (91.7% liked)
Privacy
46763 readers
741 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 6 years ago
MODERATORS