I discovered and reported a SEGFAULT bug in a widely-deployed IRC server. Upon reporting the bug confidentially to the lead developer, the bug wasn't taken seriously so I reported it in public.

Shortly after publishing my findings, an unknown entity exploited the bug to take down EFNet, one of the world's largest IRC networks. It was found that the bug affected a lineage of IRC daemon software, including those used on other large networks.

It was my first time reporting a bug of any kind, and I learned a lot about security and responsible disclosure from the experience.