this post was submitted on 17 Jun 2026
Technology
Bug bounties? Guy started with how they reached out over 100 days ago. It's also bringing to light how many APIs are exposed, as I call into question some stuff I use too.
I'm no expert, but having that data exposed is not using HTTPS then, right? Didn't a bid for Frontier come from a public group after they filed for bankruptcy? Or maybe that's Spirit, idc. Either way, not good; however, OP isn't exposing the actual customers' information, either.
It is using HTTPS, but all you need to get the full PII dump is a last name and calculable PNR number. No other authentication required.
You can transfer data over the internet securely (HTTPS) but still have access to their API and get data you shouldn't be able to get (as they've detailed).
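The point made in the two replies above, transport encryption is not authorization, as an added example that is not part of this thread and is not the airline's code. The booking records, PNRs, surnames and account ids are all constructed sample data; `lookup_vulnerable` mirrors the described "last name + PNR, no other authentication" pattern, `lookup_hardened` is a hypothetical fix that requires an authenticated session that owns the booking, and `harvest` shows why sequential ("calculable") PNRs plus a short list of common surnames is enough to bulk-collect records from the unauthenticated version even though every request would travel over HTTPS.

```python
"""Added illustration: why HTTPS alone does not protect a last-name + PNR lookup.
The wire is encrypted, but the server never checks who is asking.
All data below is constructed; nothing here is the airline's real API or code."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Booking:
    pnr: str
    last_name: str
    owner_account: str  # hypothetical: the logged-in account that created the booking
    email: str
    phone: str
    passport: str


# Constructed sample data. The PNRs are sequential on purpose: that is the
# "calculable" property the thread describes, so an attacker need not guess.
BOOKINGS: Dict[str, Booking] = {
    "ABC123": Booking("ABC123", "DOE", "acct-001", "jane@example.net", "+1-555-0100", "X1234567"),
    "ABC124": Booking("ABC124", "ROE", "acct-002", "rich@example.org", "+1-555-0199", "Y7654321"),
    "ABC125": Booking("ABC125", "LEE", "acct-003", "sam@example.com", "+1-555-0142", "Z2468013"),
}


def lookup_vulnerable(last_name: str, pnr: str) -> Optional[dict]:
    """The pattern described in the thread: the only 'credential' is data that
    is printed on every boarding pass. TLS protects it in transit and nothing else."""
    b = BOOKINGS.get(pnr.upper())
    if b is None or b.last_name != last_name.upper():
        return None
    return {"pnr": b.pnr, "email": b.email, "phone": b.phone, "passport": b.passport}


def lookup_hardened(session_account: Optional[str], last_name: str, pnr: str) -> Optional[dict]:
    """Hypothetical fix: object-level authorization. The caller must be
    authenticated and the booking must belong to that account. All failure
    paths return the same None so the endpoint cannot be used as an oracle
    for which PNRs exist."""
    if session_account is None:
        return None
    b = BOOKINGS.get(pnr.upper())
    if b is None or b.owner_account != session_account or b.last_name != last_name.upper():
        return None
    return {"pnr": b.pnr, "email": b.email, "phone": b.phone, "passport": b.passport}


def harvest(lookup: Callable[[str, str], Optional[dict]],
            last_names: List[str], pnrs: List[str]) -> List[dict]:
    """Try every (surname, PNR) pair against an unauthenticated lookup and
    collect whatever comes back. Against the vulnerable endpoint this is the
    'full PII dump'; against the hardened one it yields nothing."""
    leaked: List[dict] = []
    for pnr in pnrs:
        for name in last_names:
            record = lookup(name, pnr)
            if record is not None:
                leaked.append(record)
    return leaked


if __name__ == "__main__":
    common_surnames = ["Doe", "Roe", "Smith"]
    candidate_pnrs = [f"ABC{n}" for n in range(120, 130)]  # sequential guesses
    print(len(harvest(lookup_vulnerable, common_surnames, candidate_pnrs)), "records leaked")
    unauthenticated = lambda name, pnr: lookup_hardened(None, name, pnr)
    print(len(harvest(unauthenticated, common_surnames, candidate_pnrs)), "records leaked after fix")
```

The hardened version still accepts the PNR and surname, but only as a selector inside the caller's own account; the thing that actually gates the PII is the session, which the unauthenticated enumeration loop cannot supply.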
Bug bounties because it appears communication went off the rails when he started asking them for money.
That’s why I said both players in this story are in the wrong. It’s a case study in how NOT to handle responsible disclosure.