Sources: National Post, CBC
quote: When he found the vulnerability and reported it he was thanked and set on his way! Two days later, too short of a time to realistically expect a fix, he ran a security scanner against their system to 'verify that the issue was fixed'. That is when things went south and for good reason. Think. He was no longer messing around with the API, he was now poking at a known vulnerability. He was scanning the entire system for weaknesses. There are practical reason's that those scanners aren't run routinely, namely that they can cause massive and unpredictable problems with the system even if it's totally secure.