I know a guy who did exactly that and got sued. The security failure he reported even was a Straftatbestand committed by the company and so he won the process. German companies really love shooting themselves in the foot.
Over here, not just sued, but sued for extortion because they had the audacity to ask for bug bounty. Ok then, if I ever find a security hole that exposes sensitive data, filing a gdpr report it is
For the record, I didn’t bring up a bounty, but I still received payment. It helps that it is a small company, and that the CEO is also a developer. They were so grateful for the discovery that the bounty was freely offered without me asking.
I know a guy who did exactly that and got sued. The security failure he reported even was a Straftatbestand committed by the company and so he won the process. German companies really love shooting themselves in the foot.
Over here, not just sued, but sued for extortion because they had the audacity to ask for bug bounty. Ok then, if I ever find a security hole that exposes sensitive data, filing a gdpr report it is
For the record, I didn’t bring up a bounty, but I still received payment. It helps that it is a small company, and that the CEO is also a developer. They were so grateful for the discovery that the bounty was freely offered without me asking.