How I Found An S3 Vulnerability.

It all started back in 2018 with the below email: I selected the link within the email it brought me to the following URL. Notice it’s a straight S3 link to a public S3 URL, with PII in it. (Take my word on that) :). So I sent this email: To which they responded: Now, remember, this is 2018: right at the height of the S3 bucket madness. You couldn’t go a single month wiRead More…