Alex Schapiro
Security researcher & CS student at Yale. I build stuff people use and break stuff to make sure it's safe. Currently running CourseTable.
Recent Posts
How I Reverse Engineered a Billion-Dollar Legal AI Tool and Found 100k+ Confidential Files
Zero authentication, full admin access, and a privacy nightmare for lawyers.
Update: This post received a large amount of attention on Hacker News — see the discussion thread.
Brute-Forceable Airline Reservation API Left Millions of Passenger Records Vulnerable
A 6-hour brute-force attack could have downloaded every Avelo Airline passenger's PII, Known Traveler Number, and payment data.
How Broken OTPs and Open Endpoints Turned a Dating App Into a Stalker's Playground
Private messages, passport information, sexual preferences, and more left vulnerable in the Cerca Dating App.
Update: This post received a large amount of attention on Hacker News — see the discussion thread.