HACKER Q&A
📣 throwaway_ddlk

I accidentally found a serious data leak on a website, what next?


This company's website apparently indexed folders full of customers' private documents; they're all on Google. I found them accidentally by googling something else.

What is the proper procedure here? Should I ask for a bounty?


  👤 breckenedge Accepted Answer ✓
Check if they have a security.txt file at the root of their website. They may not offer a bounty program, but if they do, you can be pretty sure that they have some sort of public statement about it and how to contact them.

https://securitytxt.org/

https://en.wikipedia.org/wiki/Responsible_disclosure
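
A sketch of the security.txt check suggested above, added here as an example and not part of breckenedge's answer. It assumes the RFC 9116 layout (the file is served at `/.well-known/security.txt`, with the site root as a legacy fallback); the host `example.com` and the sample file are constructed, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Locations to check, per RFC 9116: the .well-known path first, then the legacy root path.
CANDIDATE_PATHS = ("/.well-known/security.txt", "/security.txt")

# Constructed sample file for a hypothetical site, not a real company's.
SAMPLE = """\
# Constructed sample
Contact: mailto:security@example.com
Contact: https://example.com/report
Expires: 2030-01-01T00:00:00Z
Policy: https://example.com/disclosure-policy
Preferred-Languages: en
"""

def candidate_urls(host):
    """URLs where a security.txt may be published for host (HTTPS only)."""
    return [f"https://{host}{path}" for path in CANDIDATE_PATHS]

def parse_security_txt(text):
    """Return {lowercased field name: [values]}, skipping comments and blank lines."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)  # split once so mailto:/https: values stay whole
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def summarize(text, now=None):
    """Extract what a reporter needs: contacts, policy links, and whether the file is stale."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    expires = None
    if fields.get("expires"):
        expires = datetime.fromisoformat(fields["expires"][0].replace("Z", "+00:00"))
        if expires.tzinfo is None:  # assumption: treat a zone-less timestamp as UTC
            expires = expires.replace(tzinfo=timezone.utc)
    return {
        "contacts": fields.get("contact", []),  # listed in the publisher's order of preference
        "policy": fields.get("policy", []),     # where a bounty or disclosure policy would be linked
        "expired": expires is not None and expires < now,
    }
```

An expired file means the listed contacts may no longer be monitored, so the company's general support or privacy contact is a reasonable fallback.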


👤 codegeek
The right thing to do is to contact them. If they offer a bounty, great. If not, please still let them know.