News Luminati.io residential proxy hacked — customer list exposed

Source - Medium - My name is Vladimir and I am a security researcher based in Kiev.

It came to my attention that the luminati.io website has a malicious development expertise and has left open a chance for the wide public to scan all their customers. I have reported them through their sales agents, as they don’t have a bug bounty, but no one responded.

You can scan them through their links, for example:

https://luminati.io/cp/zones?cust=amazon&manager=all&group=active

https://luminati.io/cp?login=1&cust=fornova&manager=all&group=active

https://luminati.io/cp/dashboard?cust=proofpoint&group=active&manager=all

I see their customer list floating on the web already: https://ybin.me/p/2c5b4463becadd1d#97E7P8HfgGrWeRjBj0XF1Ae14aGf+ilPooLdIbB2PQ8=

but they are not responding.

Luminati has a history of not informing customers of being exit nodes through Hola or SDK, so I think they might want to bury this too.

It also came to my attention that big giants such as amazon.com are using a malicious website that installs a malware-like proxy through SDKs.

But as always, it comes down from the top. I worked at this company remotely 2 years ago and it felt like 1994: military-type behaviour, the investor Mark Joseph from EMK Capital is very aggressive and runs the show, and the founders are not that active. But the funniest part is that emails are very controlled, even how to set commas: short, no regards or best at the end, to the point only. If you don't do it, it is sent to everybody to laugh…

I tried to reach out to journalists, but they immediately get threats from the Luminati legal team and they don’t publish this information, even big companies like techradar, techcrunch.com and such.

Hope this can go public through other means.