Comment by richbell
4 months ago
> Most of the person’s post and responses here are about Zendesk’s issue, but Zendesk was never informed
It's not clear whether they were informed. The mediator's email says "after consultations with *the team*", which is likely referring to Zendesk's security team.
It anyways took Zendesk several months to fix the issue and they also didn’t acknowledge the author with what should be a very sizeable bounty. It’s not every day that someone tries to warn you about a massive security hole and then goes out of their way to warn your clients for you because you ignored them.