A Carlsberg event wristband system leaked visitor PII, including photos, videos, and full names, due to a vulnerability with a 7-digit numeric ID. Despite responsible disclosure, the researcher faced months of silence and was told not to disclose the findings, ultimately leading to public disclosure after over 150 days without a fix.
Edward Kiledjian
@ekiledjian