A hacker by the name, 1×0123, has revealed he found a flaw in the Panamanian tax company, Mossack Fonseca, which was involved in the #PanamaPapers leak of last week.

The hacker who found the SQL bug on Saturday might be too late for the Panamanian firm, which is busy handling the aftermath of the offshore companies saga. He revealed he found the bug on the custom online payment system of Mossack Fonseca, which is called Orion House, and he put some of the configuration data inside a Paste.ee file.

The self-styled, “underground researcher” said through his 1×0123 Twitter account handle, “They updated the new payment CMS, but forgot to lock the directory /onion/,” he said.

Mossack Fonseca is a Panamanian based company that specializes in setting up offshore accounts for the rich and wealthy. The company claims they do not, nor have they ever done anything wrong. The leak of its data has created a huge political stink in many countries that might take months and even years to handle. The company’s lawyers have reiterated that the leak was due to a hack and not a whistleblower as previously thought.

1×0123 sent an email to the company notifying them of the issue and took a screenshot to prove it. However, if Mossack Fonseca will reply soon or at all is too soon to tell since they are still recovering from the massive data leak of last week which caused shocks around the world. Mossack Fonseca was allegedly hacked, and several terabytes of data were revealed in what is said to be the biggest leak since WikiLeaks.

The 1×0123 timeline on Twitter shows that although he hacks company servers illegally, he still manages to notify them if he finds any flaws in their systems providing details. Such type of hackers is called grey hat hackers. He has also been involved with Edward Snowden, whom he notified of a blind XSS (cross-site scripting) on the Freedom of the Press Foundation website. This is a project the US whistleblower is working on personally and thanked 1×0123 via Twitter on Sunday.

Thanks to @1×0123 for reporting a piwik vulnerability to @FreedomofPress! Great work. Got a bug report? Please contact @ageis with details. — Edward Snowden (@Snowden) April 10, 2016

He has also been a grey hat hacker for The New York Times, NASA, Telegram, and SourceForge. His tweets also reveal that he might be the same person who tried to sell access to the LA Times after he had managed to leverage a vulnerability in the Advanced XML Reader WordPress plugin.

His account also indicates that he might have access to personal information of people who are signed up to an adult site, Naughty America.