Looking for security contact at MTCaptcha

I’ve tried to contact MTCaptcha using their two documented email addresses ([email protected] and [email protected]) but didn’t get any response. If you know someone there I’d appreciate an email address.

1 Like

So the company has one (1) employee on LinkedIn, so if anyone has 1st or 2nd degree access to this LinkedIn account’s employee page: https://www.linkedin.com/company/mtcaptcha/

I left them a comment: MTCaptcha on LinkedIn: 95 Top San Francisco Cyber Security Companies and Startups of 2021

If nothing happens and it’s not a CVE, it’s probably useless to report it publicly.

Since it’s used by ABB (ICS), I would FORWARD the email your sent already to

ABB and CC: [email protected]

I would consider it ICS, so just forward the first email you sent to ABB and CC ICS CERT (above).

Once you’ve done all that, and if nobody responds, wait a wait, then you can probably just think about going public.

1 Like

Thanks for looking into this!

I did see their LinkedIn and the article you mentioned, but didn’t think of leaving a comment there.

ABB doesn’t seem to be using them anymore. I did find a few companies using them on Shodan/Censys, but none of them appear to have disclosure policies except for the BBP where I orignaly reported the vulnerability.

Damn, you could try [email protected]

[email protected] will go directly to the domain owner, via the WHOIS.

Abuse should work pretty quick though!

1 Like