15 Year Old Dutch Boy Sued after discovering exploit in Habbo Help Tool!

[Special]

You're right. Credit card details, mobile phone numbers, names, ISPs, addresses, emails, not that harmful.

right.

"You could at data from 15,000 people who will help tickets had created. Then saw your username, email address, title of the message and the content,

i just read from that, simmer down

[Aaron]

Sulake are a million euro company, surely they can invest in better security software.. it says a lot if a 15 year old can discover an exploit in their services.

[Daltron]

I think I remember this, my account was locked for like a few weeks as a safety precaution from the hack and when I attempted to get days lost in VIP back Sulake refused to compensate lol, even though they were the ones who locked my account.

[MKR&*42]

I just re-read the article and some comments from someone else on a different site, is this genuinely true (as this is what the translation also suggests):

15-year old boy finds a exploits in the Help Tool. He tried several times to contact Sulake but he couldnt get in touch with them. They asked him his IP-Address to search easier and let him download the information so they would know where to look ... All the time he was helping them to located the exploit so they could fix it and when they heard the court wouldn't prosecute him they went to the police and made their statement.

And look at this

"At one point an employee demanded that the boy would not call about the problem."

""Initially thanked Habbo Hotel Schröder for reporting, but return later shared with the boy and the friend did for computer intrusion."

Like what... you don't ask a kid to help you out with an exploit and then prosecute him for doing something YOU asked him to do. I'm not too sure how it got leaked out massively, but by asking him to download the data they already messed up...

Absolutely disgraceful if that is true and I don't blame anyone for not trusting Sulake after that.

[edible]

Yeah, it does make me lose a lot of faith in not only how Sulake stores our information but how they treat individuals also. Again, without going into much detail because Sulake asked me not to. I found an exploit in Uservoice. I could have used it to access accounts. I didn't. I sent it to Sulake and they were very thankful. It would appear this guy tried to help too but perhaps didn't have the correct contacts.

The whole thing irritates me no end. Especially when I spoke to client staff about it and their response was essentially, "Oh well, information is available in public directories". Yeah, because the Yellow Pages holds my IP, ISP, phone number, email and card information.

Truly shocking.