What is the best way to report findings?

[malkia]

Hi Team,

I've found that one particular site (for paying medical bills in US) that I use showed leaking plain-text passwords, although the connection of this site to another site (for login purposes) is through https. Also excuse my naivitete, I do not claim to know anything about security, privacy, so might be just fine..

In any case it dispalayed to me Requests exfiltrating personal data extracted from web forms for both email/password, and in Chrome Developer ToolBox - I could see in plaintext my user/password.

My question really is - is there an appropriate way to report these without affecting other users? After all I have to use this service, and not sure how they can be reached to fix it.

(Since I can't use the chrome web store to install the plugin, I've installed it directly from a folder I've "git cloned")

Thank you!

[asumansenol]

Hi @malkia,

Thanks for reaching us regarding that issue to us, it is great to see that our extension helps for identifying the leakages from online forms. We reached out to both first and third parties via email about the details of password collections. From these gist, you can check the sample emails that we sent to

1. first parties,
2. third parties.

I hope this helps. If you need any other info, just let us know.