This evening I discovered a possible security problem with an online service that sells a physical product.
I’m being intentionally vague now since I’ve responsibly disclosed it to the company and they’re going to work on it. They’ve let me know I can publish a post when it’s fixed.
For ethical hackers, there is HackerOne, but to submit a bug, a) the company has to exist on the program, and b) it needs to be a code exploit (I believe).
This bug isn’t a code-based exploit as such and the company don’t exist on H1 from what I can see.
I’ll update when I hear back from them.