📜 Post with us on Reddit
📝 Create a new article
🏭 Create a company page
🇬🇧 - in English
🇫🇷 - en Français (FR)
🇵🇹 - em Português (PT)
🇩🇪 - auf Deutsch (DE)
🇯🇵 - 日本語で (JA)
Sponsored articles

You can edit almost every page by Creating an account and confirming your email.

Blake Welsh

From EverybodyWiki Bios & Wiki

Blake Welsh
Blake Welsh.jpg Blake Welsh.jpg
Born (1995-02-25) February 25, 1995 (age 31)
Silver Spring, Maryland
🏫 EducationAnne Arundel Community College
💼 Occupation
Known forCybersecurity research
🌐 Websitehttps://blakewelsh.com/

https://axiomgaming.net/founders

https://mycustompc.com/about-founders

Blake Welsh (born February 25, 1995) is an American cybersecurity researcher. Welsh is known for uncovering significant security vulnerabilities in major corporations, with his work covered by outlets including Vice, TechCrunch, Fast Company, Gizmodo, Yahoo Finance, The Register, Softpedia, and BuzzFeed News. He has also been recognized on the PayPal Wall of Fame and the AT&T Bug Bounty Hall of Fame.

Career

Cybersecurity

In May 2015, BuzzFeed News and other outlets reported his findings of a Verizon security flaw that left millions of home internet users vulnerable to personal account information leaks. The issue involved improper handling of the X-Forwarded-For HTTP header, a form of HTTP header injection, which could have allowed attackers to spoof requests and access sensitive customer data.[1][2]

In June 2015, he co-discovered a vulnerability in the "refer-a-friend" program of security firm LifeLock that could have allowed attackers to construct convincing phishing pages to harvest customer logins and passwords.[3]

That same year, Fast Company reported on Welsh’s discovery of a flaw in Charter Communications website that exposed account data of its internet customers.[4][5]

Welsh was also credited with identifying a critical bug in Aptean’s customer response system, which could have exposed user data. The exploit, a cross-site scripting (XSS) attack, was reported to have been tested on other major companies including Comcast, Time Warner Cable, Sage, CGI, and Cognizant. The flaw could have been leveraged in phishing campaigns by making malicious pages appear to originate from the legitimate websites.[6]

In November 2015, Welsh (together with researcher Eric Taylor) identified a flaw in MetroPCS's payment system that left the personal data of more than 10 million subscribers exposed, including names, addresses, and device serial numbers.[7][8][9][10][11]

For his work in responsible disclosure, Welsh was acknowledged by PayPal’s “Wall of Fame – Honorable Mention”.[12] He was also recognized on AT&T's Bug Bounty Hall of Fame.[13]

See also

References

  1. Bernstein, Joseph (May 13, 2015). "Verizon Security Flaw Left Millions Of Home Internet Users Vulnerable". BuzzFeed News. Retrieved 20 August 2025.
  2. Orf, Darren (May 14, 2015). "A Security Flaw Leaves Millions of Verizon Customers Vulnerable". Gizmodo. Retrieved 20 August 2025.
  3. Fisher, Dennis (July 1, 2015). "LifeLock Patches XSS That Could've Led to Phishing Threatpost". Threatpost. Retrieved 20 August 2025.
  4. Stuckey, Daniel (May 20, 2015). "Simple website flaw exposed data on Charter internet customers". Fast Company. Retrieved 20 August 2025.
  5. Brook, Chris (May 21, 2015). "Charter Communications fixes website data leak vulnerability". Threatpost. Retrieved 20 August 2025.
  6. Biggs, John (July 31, 2015). "Major Security Bug In Aptean's Customer Response System Puts User Data At Risk". TechCrunch. Retrieved 20 August 2025.
  7. Franceschi-Bicchierai, Lorenzo (November 13, 2015). "Nasty bug in MetroPCS website left personal data of subscribers open to hacker". Vice. Retrieved 20 August 2025.
  8. Fingas, Jon (November 15, 2015). "MetroPCS site flaw exposed the data of 10 million subscribers". Yahoo! Finance. Retrieved 20 August 2025.
  9. Cimpanu, Catalin (November 15, 2015). "Software Bug in MetroPCS Website Dumps User Data in Cleartext". Softpedia. Retrieved 20 August 2025.
  10. Register, Team (November 16, 2015). "MetroPCS patches hole that opened 10 million user creds to plunder". The Register. Retrieved 20 August 2025.
  11. Passary, Sumit (November 16, 2015). "Security Researchers Find MetroPCS Coding Issue That Could Have Exposed Customer Data (Or Worse)". Tech Times. Retrieved 20 August 2025.
  12. "PayPal Security Hall of Fame – Honorable Mention (archived)". PayPal. Archived from the original on 2016-03-18. Retrieved 20 August 2025.
  13. "AT&T Bug Bounty Hall of Fame (archived)". AT&T. Archived from the original on 2018-12-28. Retrieved 20 August 2025.



This article "Blake Welsh" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Blake Welsh. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.


Retrieved from "https://en.everybodywiki.com/index.php?title=Blake_Welsh&oldid=5644383"
License CC BY-SA 3.0
Powered by MediaWiki