Researcher finds flaw in a16z website that exposed some company data
At the end of June, a security researcher found a vulnerability in a web app used by a16z, one of the most powerful and influential Silicon Valley venture capital firms, which exposed some data about the firm’s portfolio companies. The bug has since been fixed.
On June 30, a security researcher who goes by xyzeva wrote on X that she was looking for someone from a16z to reach out, hinting that she had found a security issue.
‘Get in touch, now. its bad. security related,’ she wrote.
‘On June 30th, a16z addressed a misconfiguration in a web app that is used for the specific use case of updating publicly available information on our website such as company logos and social media profiles. The issue was resolved quickly and no sensitive data was compromised,’ said Green. ‘We remain committed to collaborating with the security community on ethical disclosures and will continue to do so through responsible means.’
‘First, there’s the disclosure method. Posting that there was a serious issue publicly meant that potential attackers were likely scanning our sites to search for the issue, which increased risk for us unnecessarily and is outside the norm of how vulnerability disclosures are performed,’ said the employee. ‘Second, the follow-up post that incorrectly described ‘full access to basically everything’ and promised a write-up didn’t signal the best intentions to the team. If any of this is being misunderstood, please let me know.’
It’s not uncommon for security researchers to disclose their findings once the vulnerability or issue has been fixed and no longer poses a risk.
As of this writing, the portal where xyzeva found the issue is not available. ‘This application is being deprecated,’ read a message on the site.
Over the years, a16z has invested in several well-known companies like Airbnb, Coinbase, Instacart, Lyft, and Slack, among many others. The firm’s founders Marc Andreessen and Ben Horowitz have recently said that they are supporting Donald Trump in the upcoming presidential elections.
Ref: techcrunch