So all the while, for almost two years, Virgin didn't do squat about this. Gives me flashbacks to some of our disclosure interactions with PayPal and others.
Wonder why issues like this are so common - do they just de-prioritize vulnerabilities reported by researchers to death?
Virtually no legal consequences for them. Virgin is also one of the worst consumer business I have ever interacted with (and this includes many big US ISPs with bad reputations). The company is beyond dysfunctional.
Wonder why issues like this are so common - do they just de-prioritize vulnerabilities reported by researchers to death?