We found vulnerabilities in the FIA's Driver Categorisation platform, allowing us to access PII and password hashes of any racing driver with a categorisation rating.
Oh definitely. They found a glaring vulnerability, it just doesn’t mean they hacked it. An equivalent would be somebody paying a pen testing team to see what they can do and the team finds an open window into the accounting office and they climb in, put a note on the desk stating that the pen testing team needs to get paid three times as much, and then accounting does it no questions asked after they find the note.
Oh definitely. They found a glaring vulnerability, it just doesn’t mean they hacked it. An equivalent would be somebody paying a pen testing team to see what they can do and the team finds an open window into the accounting office and they climb in, put a note on the desk stating that the pen testing team needs to get paid three times as much, and then accounting does it no questions asked after they find the note.