|Born||26 July 1996|
Mysuru, Karnataka, India
|🏡 Home town||Bengaluru, Karnataka, India|
|Title||Founder, CEO of Aspirehive
Founder, CEO of Voxy Wealth ManagementFounder of Stacknexo
Ehraz Ahmed (born 26 July 1996) is an Indian security researcher, entrepreneur, fin-tech professional, and ethical hacker. He is the CEO and founder of Voxy Wealth Management, Aspirehive, and StackNexo. He is known for detecting security flaws in websites such as Facebook, Twitter, Airtel and Apple.
Ahmed was born in Mysuru, Karnataka, India, on 26 July 1996. He joined PES College of Engineering in 2016 and dropped out the same year.
At the age of 14, Ahmed began to sell game hosting servers and started a company that later provided web hosting. At 16, he was listed in 50 Security Researchers' hall of fame for discovering security flaws in websites of companies like Facebook, Twitter, Apple, and Microsoft. In 2016, Ahmed started his FinTech company, Voxy Wealth Management. In 2017, he started Aspirehive.
On 10 October 2019, Ahmed found a security flaw in Justdial's Register API that exposed over 156 million accounts. The flaw allowed hackers to log into any Justdial account by placing the phone number in the username parameter. By doing so, this granted the hacker access to any person’s Justdial account. After a month, On 12 November 2019, Ahmed detected a digital flaw in the Bounceshare app. Exploiting one of its Internal Application Programming Interface (API) allowed hackers to log into any Bounceshare account, bypassing the users’ phone number into the request. In response, it returned with the Access Token and RiderId. This Access Token can then be used to access any Bounceshare account.
In September, 2019, he founded an exploit in the Pepperfry portal, an Indian furniture marketplace. The exploit can be used by hackers to get unauthorized access via API.
A few days later, on 18 November 2019, Ahmed detected an API flaw in Nykaa Fashion's internal systems that allowed a potential attacker to log in to any user account. And on 23 November 2019, Ahmed discovered a security flaw in Truecaller that exposed user data as well as system and location information. The security vulnerability allowed hackers to inject malicious links as URLs for the profile picture, exploiting anyone who would view the attacker's profile by search or through a pop-up. This API flaw would, in turn, allow the hackers to steal IP addresses along with other user data. Truecaller confirmed this information in a statement to Forbes and fixed the flaw. Further, on 7 December 2019, Ahmed detected a security flaw in Airtel's Mobile Application API that exposed personal details of more than 325 million users in India. Airtel acknowledged the issue and fixed the flaw after it was notified about it by BBC. and BusinessInsider listed Airtel's Security Flaw as one of the Biggest Data Breaches Of 2019.
A few weeks later, On 20 December 2019, Ahmed found a security flaw in SonyLiv that allowed attackers to fetch sensitive user information such as profile picture, email address, date of birth, name, and phone number of its registered users.
- Bakshi, Asmita (2020-09-05). "Lounge Heroes | Ehraz Ahmed: The protector of your privacy". Mint. Retrieved 2021-06-15. Unknown parameter
- Nazmi, Shadab (2019-12-07). "India phone giant fixes bug 'affecting 300m users'". Retrieved 2019-12-29.
- "Airtel Admits Flaw in Mobile App Could've Exposed Data of Millions". NDTV.
- "Meet Ehraz Ahmed, the white hat hacker who is helping Facebook, Google and Airtel stay secure". CNBC TV18. 2021-03-25. Retrieved 2021-06-15. Unknown parameter
- "Ehraz Ahmed is an entrepreneur who dreams with open eyes". The Statesman. 2019-08-29. Retrieved 2019-12-18.
- جمعة, عوض. "منها مايكروسوفت وآبل.. تعرف على الهاكر الهندي الذي أنقذ آلاف الشركات من القراصنة". Al Jazeera (in العربية). Retrieved 2021-06-22. Unknown parameter
- "A bug in Indian local search app exposed over 156 million accounts". The Next Web. 10 October 2019. Retrieved 1 December 2019.
- "Researcher detects security flaw in Pepperfry portal". Deccan Herald. 7 September 2019.
- Kar, Sanghamitra (18 November 2019). "Nykaa fixes a data security bug". Economic Times. Retrieved 3 December 2019.
- Doffman, Zak. "Security Flaw In Android, iOS Phone App: 'Immediate Fix' For 150 Million Users". Forbes. Retrieved 2019-12-18.
- "Airtel data breach exposes personal data of 32 crore subscribers". Business Insider. Retrieved 2019-12-18.
- Nazmi, Shadab (2019-12-07). "India phone giant fixes bug 'affecting 300m users'". Retrieved 2019-12-18.
- "Airtel's security flaw only took 15 minutes to find". Business Insider. Retrieved 2019-12-18.
- "SonyLIV Fixes Flaw That Could Allow Attackers to Fetch User Information". NDTV Gadgets 360. Retrieved 2019-12-20.
This article "Ehraz Ahmed" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Ehraz Ahmed. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.