On June 4th, 2018, MyHeritage discovered that information about its 92 million users had been stolen and published on an external web server. The data was discovered by a security researcher, who immediately provided MyHeritage with the information they found. But what was included in the data, and what do customers need to know?
Bug bounty programs provide a successful way for organizations to focus on their information security. Through these programs, researchers are able to routinely look for security flaws in an organization's servers or applications. But could current laws put researchers and organizations in a legal “grey area”? Does enacting a bug bounty program replace a professional penetration test?