infosex.exchange <3

Apparently Bugcrowd was not pwned, they just try to roll out mandatory MFA:

https://www.bugcrowd.com/blog/bugcrowd-security-update-password-reset-and-mfa-requirement/

Scientists still struggle to come up with a way how this information could be included in the password reset mails they sent out, we’ll keep you updated about any breakthroughs!

h/t @raptor

https://www.youtube.com/watch?v=c78uEWJKl2A

So Bugcrowd got pwned or what?

• Welcome to the #Bureaucracy! You owe us some money, but fear not, you can easily pay it with our very modern VPOS!
• Really? There’s no new items in my online mailbox you usually use.
• Oh we sent this request in a (non-certified) paper letter to the other side of the city.
• commuting Got the letter, what’s the URL for the VPOS?
• Oh we won’t tell you that…
• Nvm, I just googled it, what’s next?
• You have to choose the code that corresponds to your debt!
• Is the code in the letter you sent me?
• No, but we gave each code a title, multiple of which are very similar to what you want to pay for.
• googling OK, I found a page that matches the codes with account numbers and you did sent me the an account number so I think I found the right code!
• (mumbbling Damn it we have to get that page down!)
• So you actually sent me two letters with different sums, which one is correct?
• crickets
• I’ll just pay the bigger amount, just in case click pay Transaction rejected!
• Banks these days, huh?
• Let’s retry…
• You can’t just retry, the form you filled out is invalid now! But we can automatically create you a copy.
• This “copy” has a NULL where the original had some unique ID, are you sure this is right?
• We’re sure it’s fine…
• Alright, click pay
• UNRECOVERABLE ERROR

It seems Budapest Micro Vol.2. was last weekend and the only info I can find about it is on the venue homepage and a report on scene.hu wtf?!