23.12.2022Vulnerability discovered.
23.12.2022Vendor contacted.
26.12.2022Vendor responds asking more details.
28.12.2022Sent details to the vendor, not encrypted. Asked for confirmation and next steps.
28.12.2022Vendor thanks us for the cooperation.
06.01.2023Asked vendor for update and plan for fix mob/web?
09.01.2023Vendor informs that our request has been received and will be reviewed within the responsible department. After the department responds we will be notified.
20.01.2023Asked vendor to provide status update and confirmation and to communicate more often.
23.01.2023Vendor informs that our request is sent to the responsible department. After the department responds we will be notified.
13.10.2023No response from the vendor.
14.10.2023Public security advisory released.
16.10.2023Vendor responds: Regarding the post on your link page, we would like to refute the claims of alleged vulnerability of NLB Bank's mKlik application. NLB Bank is continuously working on improving the functionality of its services and information security, and we approach all remarks with great seriousness and make a detailed analysis of the situation. Therefore, allow us to inform you and the public with whom the news was shared that, in the case you state, it is an inappropriate user display, which was immediately corrected after we detected it. In the interest of objective and transparent reporting to the public, we kindly request you to share this notice with your esteemed audience.
17.10.2023Replied to the vendor.
17.10.2023Automatic response from the vendor: [email protected] - Your message can't be delivered because delivery to this address is restricted. ¯\_(ツ)_/¯