I found a major SQL injection that probably disclose literally “everything” in Zoetis.com’s sister site. I had emailed CS, tried sending them a message over Twitter, but they do not accept messages. No reply to my email in last 90+ days. Anyone kind enough to share a contact of security team?
Thank you in advance.
Hey again @ifconfig-me, have you tried calling In the U.S., call 1-888-Zoetis1 (1-888-963-8471).
I’ll ring them tomorrow for you anyway, can you confirm [email protected], [email protected] did not respond either?
UK Number also: 0845 300 8034 (I’ll call if you’d like to protect your anonymity)
Once I receive a response, do you want me to CC you the response from them using your forum email address you signed up with here, or do you want me to reply here with their response?
I’ll try a few more numbers for you on Monday.
If you’ve sent any emails already, FWD your notice of urgent intent to reach the company, but not the FULL original reports to [email protected], since they’re just the customer support term. No worries if you have already, we can only do what we can do :)!
Just so it’s all, “on the record.”
And that you’ve done all that you can to reach out.
Let’s see how it goes, hope they respond promptly
I found what you want: https://zoetis.ethicspoint.com
On the Australian site there is a Whistleblower policy PDF at the bottom (blues clues).
Try: [email protected]
Zoetis has nominated Protected Disclosure Officers who are trained to receive whistleblower
reports. Any person may make a report to any of the following Protected Disclosure Officers
who do not report in the local Australian business specifically to ensure their independence
from local executive management:
o Mark Worsman, Senior Director, Legal [email protected]
o Amy Conti, Deputy Chief Compliance Officer [email protected]
Ethics Point works - it got me directly to Sec team once. It’s their compliance portal lol.