⚠️ This article is meant only for educational and ethical OSINT investigation purposes. It aims to spread cyber awareness and make people think twice before uploading personal documents to any online tool or site.
Bug hunter's responsible disclosure frustration since 2018
Researcher responsibly reports several vulnerabilities
Result: No response
Evidence 👇
Yes, there is HackerOne responsible disclosure assistance (but no guaranteed response), because a report is only forwarded when the vulnerability is considered P1 level, like RCE.

I created a couple of dorks that lead to PII leaks, which are publicly visible to anyone. Attackers can use this data to create more convincing and realistic spear-phishing emails, as victims are more likely to believe a message when the data matches their identity!
1️⃣ Aadhaar Details
site:scribd.com "Aadhaar" "DOB:" "/1990" -intitle:"FAQ's"
site:scribd.com "Aadhaar" "DOB:" "/YYYY" -intitle:"FAQ's"

2️⃣ Personal Flight Ticket Details
site:scribd.com "E-Ticket" "Paytm Booking ID" "Flight"


This is very old data from 2018, so modify the dork by adding the year at the end.


3️⃣ Insurance Details
site:scribd.com "Insurance" "DOB:" "/1990" -intitle:"FAQ's"

4️⃣ Police
site:scribd.com "Police" "DOB:" "Arrest"

How to handle all of this?
- This is only possible when strict cyber laws are implemented in all countries and any failure to secure personal data results in a hefty fine.
- But no one cares. When questioned, Person A blames Person B, Person B points to Person C, and as a result ordinary people are left with no hope at all. Who will take cybersecurity responsibility on their shoulders?
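On the uploader's side, a document's text can be checked for the markers the searches above key on before it is uploaded or published. The Python below is an added example, not part of the original article: `scan`, `redact`, the regexes and the sample text are constructed for illustration, and it assumes the ID is a 12-digit Aadhaar-style number whose last digit is a Verhoeff check digit.

```python
import re

# Verhoeff tables: dihedral-group multiplication (D) and position permutation (P).
D = ["0123456789", "1234067895", "2340178956", "3401289567", "4012395678",
     "5987604321", "6598710432", "7659821043", "8765932104", "9876543210"]
P = ["0123456789", "1576283094", "5803796142", "8916043527",
     "9453126870", "4286573901", "2793806415", "7046913258"]

def verhoeff_ok(digits: str) -> bool:
    """True when the last digit is a valid Verhoeff check digit for the rest."""
    c = 0
    for i, ch in enumerate(reversed(digits)):
        c = int(D[c][int(P[i % 8][int(ch)])])
    return c == 0

# Keyword markers taken from the search strings in this article, plus value patterns.
MARKERS = ("Aadhaar", "E-Ticket", "Paytm Booking ID", "Insurance", "Police")
DOB_RE = re.compile(r"(DOB:\s*)(\d{1,2}/\d{1,2}/\d{4})", re.I)
ID12_RE = re.compile(r"(?<!\d)\d{4}[ -]?\d{4}[ -]?\d{4}(?!\d)")

def scan(text: str) -> dict:
    """Report which markers and identifier values a document's text exposes."""
    ids = [m.group() for m in ID12_RE.finditer(text)
           if verhoeff_ok(re.sub(r"\D", "", m.group()))]
    return {
        "markers": [k for k in MARKERS if k.lower() in text.lower()],
        "dob_values": [m.group(2) for m in DOB_RE.finditer(text)],
        "id_numbers": ids,
    }

def redact(text: str) -> str:
    """Mask DOB values and checksum-valid 12-digit IDs, keeping the last 4 digits."""
    def mask_id(m):
        raw = re.sub(r"\D", "", m.group())
        # Numbers that fail the checksum (order refs, phone-like strings) are left alone.
        return "XXXX XXXX " + raw[-4:] if verhoeff_ok(raw) else m.group()
    return ID12_RE.sub(mask_id, DOB_RE.sub(r"\1[REDACTED]", text))

# Constructed sample text; the name, numbers and date are made up.
SAMPLE = ("Aadhaar card copy\nName: Test Person\nDOB: 01/01/1990\n"
          "Number: 2345 6789 0124\nOrder ref: 2345 6789 0123\n")

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(redact(SAMPLE))
```

Run it on the text extracted from a PDF or image (OCR) before sharing; a non-empty `id_numbers` or `dob_values` list means the file carries exactly the fields these searches look for.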
Have fun, see you in the next article 🤘
