I received an anonymous email from a hacker who spotted a security flaw with one of my sites. Here was my reply:
Thank you for your help! We fixed the issue — REDACTED —-
I am also required to say this for legal reasons: please make sure you delete all files and information from any computer you have related to our site. Please read this document on the definition of computer crimes (including accessing a computer system without authorization) and the associated penalties. Keep in mind the US has extradition treaties with most countries.
I will give you permission to write a completely anonymized (no mention of myself or the company or any details that could give away this) blog post on this security issue if you wish.
Please let me know if you spot any other security issues, but do not attempt unauthorized access if you do see an issue. Just let me know.