Who would report this? Are they hoping for a bug bounty or they know their competitors are using the technique?
They tried to report it to MSRC, likely to get a bounty, and when they were stiffed there and advised to make it public they did.
I would have done the same.
alt Hacker News
They tried to report it to MSRC, likely to get a bounty, and when they were stiffed there and advised to make it public they did.
I would have done the same.