How do I blow the whistle without getting involved?
December 3, 2008 6:49 AM Subscribe
I stumbled on a phpMyAdmin page for a database of personal info along with credit card numbers, hosted by a multinational corporation. I deleted some records. How do I report it without being accused of hacking?
posted by anonymous to law & government (23 answers total) 7 users marked this as a favorite
I Googled an old address, and on the first page of results was a phpMyAdmin page with my partner's name, email, and old address. I clicked on the result and was taken to a purchase records database, complete with phone numbers, credit card numbers and expiration dates. I showed my partner the page and asked, "is this your credit card number?" and got a "yes... WHAT???!!!"
I realized I had admin privileges, so I tested deleting a record, and when it worked I deleted my partner and several other records for good measure.
Now I'd like to tell someone about it, but I'm afraid if I email the company, it will turn into a Very Bad Scene. Again, this is a large multinational company, and I don't want to get caught up in this.
Where could I report this, such as a specific person in the media or wherever, who would handle the information responsibly?
My IP address is now all over this thing. Could what I did be considered hacking?
Also, what is the best way to email someone anonymously?