Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

Mississippi's Age Guarantee Act Tests Decentralized Social Networks

August 28, 2025

Threads test how to share long format text on the platform

August 28, 2025

Do you hire AI, or are you a human being? Next frontier for Startup Ops in 2025

August 28, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    Mississippi's Age Guarantee Act Tests Decentralized Social Networks

    August 28, 2025

    Threads test how to share long format text on the platform

    August 28, 2025

    New AI features in WhatsApp allow you to rearrange and adjust the tone of your message

    August 27, 2025

    Google and Grok are catching up to ChatGpt, says the latest AI report from A16Z

    August 27, 2025

    Google Vids adds AI avatars to the video editor and launches the consumer version

    August 27, 2025
  • Crypto

    Coinbase CEO explains why he fired an engineer who didn't try AI right away

    August 22, 2025

    Your next customer is destroying the 2025 Expo floor

    August 19, 2025

    Crypto Company Gemini File for Winklevoss Twins IPO

    August 16, 2025

    North Korean spies pretending to be remote workers have invaded hundreds of businesses, CloudStrike says

    August 4, 2025

    Telegram's Crypto Wallet will be released in the US

    July 22, 2025
  • Security

    According to Transunion, hackers say they stole the personal information of 4.4 million customers

    August 28, 2025

    The FBI says that China's salt typhoon has hacked at least 200 US companies

    August 27, 2025

    US sanctions fraud network used by North Korea's “remote IT workers” to steal money for work

    August 27, 2025

    Doge uploads live copies of Social Security databases to “vulnerable” cloud servers, whistleblower says

    August 26, 2025

    Security researchers map hundreds of Teslamate servers spilling Tesla vehicle data

    August 26, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    Do you hire AI, or are you a human being? Next frontier for Startup Ops in 2025

    August 28, 2025

    From streaming to healthcare to AI, Mark Cuba reveals his “formula of confusion”

    August 27, 2025

    Uncork Capital in a 21-year venture cycle – and what's the difference between this?

    August 26, 2025

    A16z spends $1.49 million on lobbying in Washington, with rivals mostly going outside

    August 25, 2025

    Openai warns against SPVs and other “unauthorized” investments

    August 23, 2025
TechBrunchTechBrunch

Researchers discover flaw in a16z website exposing corporate data

TechBrunchBy TechBrunchJuly 18, 20243 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


In late June, a security researcher discovered a vulnerability in a web app used by a16z, one of Silicon Valley's most powerful and influential venture capital firms, exposing some data about the firm's portfolio companies. The bug has since been fixed.

On June 30th, a security researcher going by the name of xyzeva wrote to X, hoping to get in touch with someone at a16z, suggesting that he had discovered a security issue.

“Contact me now. This is bad. Security related,” she wrote.

When contacted by TechCrunch, Xyzeva said he found a “very simple bug” in the a16z portfolio portal that “gave him access to basically everything.” Specifically, he found an exposed API key on the site at portfolio.a16z.com. Xyzeva said the information he was able to see included emails, passwords, and “company details and employees.” He added that he was also able to send emails as a16z and access previously sent emails from the company's account on Mailgun, an email delivery service.

In a statement to TechCrunch, a16z's chief information security officer, Brian Greene, confirmed that the company fixed the bug the same day xyzeva contacted the company about its story, but said the issue did not affect any sensitive data.

“On June 30, a16z addressed a misconfiguration of a web app used for the specific use case of updating publicly visible information on our website, including our company logo and social media profiles. The issue was quickly resolved and no sensitive data was leaked,” Green said. “We remain committed to working with the security community on ethical disclosures and will continue to do so in a responsible manner.”

In a text chat reviewed by TechCrunch, xyzeva inquired about a bug bounty program (a way for security researchers to get paid for their discoveries) and a company employee replied that the company doesn't offer such a program. “However, we would like to have something special for you on this once our analysis is complete,” the employee said.

But a few days later, the employee told Xyzeva, “Unfortunately, we're having some issues,” according to another text exchange reviewed by TechCrunch.

“First, there's the method of disclosure: publicly posting that we had a significant issue could potentially lead potential attackers to scan our site looking for issues, which unnecessarily increases risk for our company and falls outside of our standard method of vulnerability disclosure,” the employee said. “Second, your follow-up post incorrectly describing 'basically everything is fully accessible' and promising a write-up did not convey the best intentions to the team. If this has been misconstrued, please let us know.”

It is not uncommon for security researchers to publicly disclose their findings once a vulnerability or issue has been fixed and no longer poses a risk.

At the time of writing, the portal where Xyzeva discovered the issue is unavailable, with a message on the site saying “This application will be discontinued.”

Over the years, a16z has invested in many well-known companies, including Airbnb, Coinbase, Instacart, Lyft, and Slack. The firm's founders, Marc Andreessen and Ben Horowitz, recently stated that they would support Donald Trump in the next presidential election.



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

According to Transunion, hackers say they stole the personal information of 4.4 million customers

August 28, 2025

The FBI says that China's salt typhoon has hacked at least 200 US companies

August 27, 2025

US sanctions fraud network used by North Korea's “remote IT workers” to steal money for work

August 27, 2025

Doge uploads live copies of Social Security databases to “vulnerable” cloud servers, whistleblower says

August 26, 2025

Security researchers map hundreds of Teslamate servers spilling Tesla vehicle data

August 26, 2025

Thetruthspy phone spyware new security flaw puts victims at risk

August 25, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

Mississippi's Age Guarantee Act Tests Decentralized Social Networks

August 28, 2025

Threads test how to share long format text on the platform

August 28, 2025

Do you hire AI, or are you a human being? Next frontier for Startup Ops in 2025

August 28, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.