Tags: osint 


Writeup (with images): [Privacy Breach](https://footpics4sale.github.io/writeups/CTF/VishwaCTF2023/OSINT-privacy-breach.html)

Googling things like "password emailed back in plaintext" lead to this website (https://news.ycombinator.com/item?id=2414496) which mentioned plaintextoffenders.com

The Plain Text Offenders site has a note to use the list at https://plaintextoffenders.com/offenders

The Offenders List page has a link to a GitHub file:

Tried some domains from here and a bunch mentioned in recent years through Google searches... nothing worked.

Read the challenge description again...
> "I hope they lie at the bottom of the deepest pits of hell"

This has to mean something right?

? It was the domain listed at the bottom of the Offenders List file.

Flag: `VishwaCTF{napcosecurity.com}`

Original writeup (https://footpics4sale.github.io/writeups/CTF/VishwaCTF2023/OSINT-privacy-breach.html).