To say we were surprised and confused by this has to be a huge understatement – we had disclosed a vulnerability in good faith, were ignored, so escalated via LinkedIn private message. I think the definition of blackmail requires a threat to be made, and there was of course no threat. We don’t work like that!

We still don’t know if it was being investigated for a while before that, if it was tracked, how they fixed it, or if they even fully fixed every issue!

• Step 1: Outsource security to a dead email inbox
• Step 2: Blame other people
• Step 3: Profit?

“Some might consider this to be blackmail.”

Someone who doesn’t know what that word means maybe.