
Found Security Breach in GB Service - Now they're mad?

Discussion in 'BlackHat Lounge' started by Vanzant, Feb 7, 2017.

Thread Status:
Not open for further replies.
  1. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
    Hey BHW,

    There's this major group buy service with a system they set up for their security to avoid accounts being leaked. It's very good and they use stuff like LastPass and other custom code to keep their accounts safe.
    After only one hour of playing with the code I finally managed to break it and I took all the accounts out and changed them.
    Think of Majestic, SEMRush, Ahrefs, Moz, Long Tail Pro etc. etc.
    Almost all of them have 1 year subscriptions on them activated a few days ago costing a fortune.
    Now don't worry! The good guy that I am ;), I emailed the guys stating that there's a huge leak and I'd be willing to explain it to them and of course give the accounts back.

    So mailed them the new logins, they changed it back and I just mailed them the entire explanation of the security breach.

    I did add "Can I get a reward as in x months of free usage of the service?" in the end, haha.
    That's only right, I saved them a lot of money, didn't I?

    Not to mention that I've referred 2 monthly paying customers to them for their highest package earlier without affiliate fees.

    Just wanted to share this with you guys, they usually reply within minutes so just waiting for the next reply to see if I get a reward :D

    Do you guys think I deserve a reward (x months usage)?

    Hope you had a nice read!
     
  2. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
    Actually, I've referred three people when I think about it, lol.

    Okay, no response yet. Let's see :)

    Who thinks I made the wrong / right decision?
     
  3. christianbed

    christianbed Jr. VIP Jr. VIP

    Joined:
    Aug 17, 2011
    Messages:
    1,403
    Likes Received:
    919
    Location:
    alert("Make Money")
    Home Page:
    There is a post floating around here (perhaps in JVIP section) by a member who found exploits in an online poker platform. If I recall correctly, once he consistently replicated the flaw, he contacted them with an offer to demonstrate/fix it in return for compensation. He wasn't hacking the site...just exploiting a flawed pattern in their algo.

    Companies hire people to do this all the time. Google even has a site dedicated to it, including their rewards structure:
    https://www.google.com/about/appsecurity/programs-home/

    If you've got skills, throw up a basic 'Ethical Hacking / Cybersecurity' WordPress website, copy the offerings of the big companies in that space, then contact businesses with your offer. You may need their permission, and should get some legal advice before proceeding, but lots of companies pay bounties for this kind of thing.

    Forget about getting free ahrefs access for your work...you can charge BIG bucks for this kind of service if you can find vulnerabilities.
     
  4. dhia27

    dhia27 Jr. VIP Jr. VIP

    Joined:
    Jan 26, 2016
    Messages:
    497
    Likes Received:
    205
    You know what they say!
    [​IMG]
     
  5. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
    Hey, yeah I know, it's a great thing. Big companies such as FB, Apple & others are offering huge bounties as well.
    I know some people who do that but they get ripped off as some companies won't pay.

    Thanks for your input! Do you think I made the right choice by asking for a reward?

    Just got mail! Let me update you lot in a sec.
     
  6. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
    Okay, just got mail. They're saying I caused trouble? What?
    Also, the trial acc thing is just wrong. I clearly saw Agency Plans in some of the accounts worth 600-1k+ just billed off of a CC. (LongTail Pro, Ahrefs for example)

    Have a look at the screen here:

    https://gyazo.com/a795ab707387b242b2969b58362d64dc

    What to do guys?
     
  7. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
  8. Shield Wall

    Shield Wall Junior Member

    Joined:
    Oct 4, 2016
    Messages:
    140
    Likes Received:
    38
    Gender:
    Male
    Occupation:
    Freelancer. IM Enthusiast. Gamer.
    Location:
    World Wide Web
    [​IMG]
     
    • Thanks x 1
  9. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
    They're being very rude. I gave them the breach politely and they should have their own guy for solving these breaches. Are they insane?

    "Well, you only got all the accounts, you didn't solve it hurr durr"
     
  10. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
    Should I just take some accounts and leave? I'm really considering that now, Jesus Christ.
     
  11. emgh

    emgh Regular Member

    Joined:
    Jun 20, 2016
    Messages:
    263
    Likes Received:
    50
    Gender:
    Male
    They're mad because their code is vulnerable.
     
  12. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
    Yeah, they got triggered big time. What should I do? Take some accs and leave?
     
  13. Shield Wall

    Shield Wall Junior Member

    Joined:
    Oct 4, 2016
    Messages:
    140
    Likes Received:
    38
    Gender:
    Male
    Occupation:
    Freelancer. IM Enthusiast. Gamer.
    Location:
    World Wide Web
    Seemed from that email they won't pay you a dime. Now do what you think is more profitable.
     
  14. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
    I don't want to be THAT guy though :)
    Oh well, let's go. I'm doing what "I think is most profitable".
     
  15. tophi

    tophi Jr. VIP Jr. VIP

    Joined:
    Sep 7, 2012
    Messages:
    503
    Likes Received:
    98
    They are kind of funny, by reading I can understand that they don't want to confirm you hacked them haha. Also they want a solution from you ... so they are non-verbally confirming they have been hacked. Ask for real money or hack them and put the data public so they lose their clients.
     
  16. spectrejoe

    spectrejoe Jr. VIP Jr. VIP

    Joined:
    Sep 25, 2013
    Messages:
    2,105
    Likes Received:
    440
    Home Page:
    Let me guess, it's this one:
    http://www.seogroupbuy.net/

    Their support is shit and I've heard people saying a lot of shit about them
     
  17. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
    Holy crap. New update.

    They're now claiming I hacked LastPass?! LastPass is an addon used by millions of people around the globe! Are they insane?

    "Group buy is based on trust y'all"

    Screenshot:

    https://gyazo.com/e7d3b148bdef3581e59440f66dd6a22b
     
  18. Vanzant

    Vanzant Junior Member

    Joined:
    Dec 25, 2016
    Messages:
    101
    Likes Received:
    17
    Gender:
    Male
    Not even mentioning how they claim I hacked MOZILLA FIREFOX?

    What the fuck?! :D
     
  19. AustinNash5

    AustinNash5 Jr. VIP Jr. VIP

    Joined:
    Jun 9, 2016
    Messages:
    526
    Likes Received:
    117
    Gender:
    Male
    Fucking gold lmao
     
  20. frenchboy

    frenchboy Power Member

    Joined:
    Aug 19, 2008
    Messages:
    755
    Likes Received:
    1,334
    The thing idiots like you don't understand about hacking is that you're not doing them a favor. Anything is hackable. I can easily steal someone's wallet. Am I doing them a favor by giving it back and telling them their wallet isn't secure in their pocket? No, I'm just being a fucking prick.

    Am I doing someone a favor by breaking a window and robbing someone's house just to prove that their window isn't secure? No. I'm being a fucking prick.
     