u/ibackstrom


Another H1 triager "informative/duplicate"

Credits: weezerOSINT

I made a Lovable account today and was able to access another user's source code, database credentials, AI chat histories, and customer data are all readable by any free account.

Nvidia, Microsoft, Uber, and Spotify employees all have accounts. The bug was reported 48 days ago. It's not fixed. They marked it as duplicate and left it open.

u/ibackstrom — 3 hours ago

Payouts are so tiny recently. What team do you work on full time (Red, Blue, IR, AppSec)?

So I feel that bug bounty has become a huge rat race, and platforms seem to understand that. As a result, payouts have become really small. I’ve been thinking about moving into a full-time security job, and I was wondering if everyone here is a red teamer (which might seem obvious). But I’m not really into obvious paths, so I’d appreciate any insights into what kind of roles (apart from red) you currently enjoy.

u/ibackstrom — 4 days ago