Payment flaw gave researcher 1.3 million MBR documents for just one cent
Bug Bounty Bonanza: How One Cent Unveiled 1.3 Million Documents
Imagine this: you’re scrolling through your Twitter feed, and suddenly, a local tech whizz’s post catches your eye. “Just spent one cent and got 1.3 million documents. #Malta #BugBounty,” it reads. Intrigued? You’re not alone.
Meet Timothée Jeanjacquot, a 25-year-old cybersecurity researcher from France, who found himself in the middle of a digital goldmine, all thanks to a tiny loophole in a Maltese payment system. Let’s dive into the story that’s been buzzing around the local tech scene.
How It All Started
Timothée was participating in a bug bounty program run by HackerOne, a global platform connecting ethical hackers with companies looking to improve their cybersecurity. The target? A local payment gateway based right here in Malta.
In simple terms, Timothée discovered a flaw that allowed him to exploit the system and retrieve a massive amount of data – 1.3 million documents to be precise – for just one cent. Yes, you read that right. One. Cent.
From Bug to Bonanza
But how did this happen? Well, the payment gateway in question was using a specific API endpoint that wasn’t supposed to be publicly accessible. However, due to a misconfiguration, it was. Timothée stumbled upon it, realized its potential, and, well, the rest is history.
Once he confirmed the vulnerability, he reported it to the platform. After a thorough investigation, the payment gateway’s team acknowledged the issue, patched it, and rewarded Timothée with a hefty sum for his findings. But that’s not where the story ends.
Local Impact and Lessons Learned
News of Timothée’s discovery spread like wildfire in the local tech community. It sparked conversations about cybersecurity, data protection, and the importance of ethical hacking. It also highlighted the need for regular audits and penetration testing to keep our digital infrastructure secure.
For Timothée, it was a reminder of the power of responsible disclosure. “I could have exploited this for personal gain, but I chose to report it. That’s the beauty of bug bounty programs. They allow us to make a difference while getting rewarded for it,” he said.
As for the payment gateway, they’ve since tightened their security measures and expressed their gratitude towards Timothée. “We’re lucky to have ethical hackers like Timothée looking out for us. It’s a wake-up call for us to always stay vigilant,” a spokesperson commented.
