Shoot the messenger, Thursday edition: Botched ICO leaks users’ passport data, calls police on guy who found the bug
Fledgling cryptocurrency startup Sentinel Chain, which promised to “unlock the economic potential” of the poor, launched its initial coin offering (ICO) earlier this week, but it missed one thing: a critical vulnerability that made it possible to scrape its users’ personal data, including their emails and passport images.
Shortly after kicking off its ICO on February 5, Sentinel Chain was forced to temporarily shut down its token sale after the company was notified that its KYC system (a common procedure users need to complete in order to enter token sales) was leaking users’ credentials due to a severe glitch.
Read more on TheNextWeb. From the reporting, it sounds like the startup reported the anonymous individual who found the bug to the police.
Okay, folks, flowers, a bug bounty, and a public thank you would have been much more appropriate.