The author begins by recounting their experience with trying to contact the company CloudPets about a data breach. They highlight the company’s negligence in leaving data exposed and their lack of response to contact attempts. The author questions why companies are skittish about responding to disclosure notices, attributing it to the presence of scammers looking to profit. They then share a recent encounter with someone seeking a “beg bounty,” where they engaged in conversation to expose the individual’s fraudulent intentions. The author expresses their frustration with beg bounties and emphasizes the importance of open, honest, and transparent disclosure practices. They also criticize the abuse of the security.txt standard for beg bounties. The author concludes by encouraging others to respond firmly to such requests and to share their experiences.
https://www.troyhunt.com/beg-bounties/