The article outlines a significant security vulnerability discovered in Chattr.ai, an AI hiring system used by numerous American fast food chains. The flaw allowed unauthorized access to sensitive data, including personal information of employees and job applicants. Although the issue was responsibly reported, Chattr.ai’s response was notably lacking in recognition or appreciation.
Main Points
- Chattr.ai vulnerability discovered and exploited: A security researcher was able to exploit a vulnerability in Chattr.ai's Firebase setup to gain full access and control over its database, including sensitive user data.
- Sensitive data exposure: Sensitive data of Chattr's employees, franchisee managers, and job applicants was exposed, including plaintext passwords for some accounts.
- Lack of gratitude or engagement from Chattr.ai post-disclosure: Despite responsible disclosure of the vulnerability, Chattr.ai failed to properly acknowledge the discovery, closing the support ticket without thanks.