Security News > 2021 > March > Engineer reports data leak to nonprofit, hears from the police

Engineer reports data leak to nonprofit, hears from the police
2021-03-25 08:35

A security engineer and ex-contributor to an open systems non-profit organization recently reported a data leak to the organization.

On discovering this GitHub repository which, the engineer says, was public since at least 2019, the engineer privately reported it to Apperta, and got thanked by them.

A little over a week later, a letter arrived from Apperta's lawyers stating that they considered Dyke's actions as "Unlawful" and demanded a written undertaking that any data the engineer had come across was deleted.

In emails seen by BleepingComputer, Dyke further clarified to Apperta's lawyers that the information he came across was being leaked on GitHub publicly for over two years, rather than proprietary data obtained as a part of unlawful hacking activity.

The details gathered by the engineer as a part of the responsible disclosure was done so from openly accessible public URLs published by Apperta on the internet.

The engineer told BleepingComputer he believes the police investigation is linked to the Apperta incident, given that Northumbria Police oversees the jurisdiction where Apperta's offices are located.


News URL

https://www.bleepingcomputer.com/news/security/engineer-reports-data-leak-to-nonprofit-hears-from-the-police/