Amusement park Walibi has informed a software developer who found a data breach at their facility that they will file charges against him for extortion. The man asked for free tickets in exchange for his discovery, and this went down the wrong way with the amusement park.
The man found out that it was child's play to be able to see the theme park's sales figures by inspecting the payment screen. By inspecting a Web site with f12, you can see how it is laid out. You take a look behind the scenes, as it were. Anyone can do this at any website. Usually there is also nothing exciting to find at all because websites also know this can be done. Now it turns out that Walibi accidentally sent in a file in which the sales data of the shop was kept. The software developer reported this vulnerability in an e-mail.
From an earlier email exchange with the amusement park, he had understood that he could receive free tickets for such a find. But his e-mail with the title "Trading a data breach for tickets" is considered extortion by the amusement park. Walibi director Mascha van Till therefore responded to his e-mail by saying that the amusement park will not allow itself to be blackmailed and indicated that it would press charges against the software developer. Whether the latter actually happened is not known. The discoverer of the leak announced in an open letter that it was a big miscommunication and that he never had the intention to blackmail Walibi.
This news item can also be found in the Data Breach file
