List of Y Combinator companies I have worked with(hacked)


I have worked with lots of companies as security consultant through bug bounties either I asked them if they need my service or they approached. I’m a big fan of Paul’s essay, Hacker News, Startup School and YC as a whole, so thought to document my contribution to YC(nothing technical, just a list).

I have worked with these companies in their early stage to resolve security issues with their websites:

  1. Xobni (S06) :   Acquired by Yahoo later. Found account take over CSRF in setting page. Got Yahoo swags.
  2. Dropbox (S07):  Multiple bugs in the mailbox and other acquisitions. Got listed on Special Thanks page, swags and 100GB.
  3. Disqus (S07):  Got stickers and swags.(Can’t find the mail, don’t remember the issues)
  4. Heroku(W08):  Screen Shot 2015-10-28 at 11.49.39 am
  5. WePay (S09):  Participated in their bug bounty program on Hackerone.
  6. Olark (S09):    Screen Shot 2015-10-28 at 11.58.44 am
  7. Mixpanel(S09): Screen Shot 2015-10-28 at 12.02.29 pm
  8. Stripe(S10):Screen Shot 2015-10-28 at 12.06.52 pm
  9. PagerDuty(S10): Multiple issues,Multiple swags Screen Shot 2015-10-28 at 12.11.04 pm
  10. Hipmunk(S10): Just realized, I was discussing stuff with Steve Huffman 🙂 Screen Shot 2015-10-28 at 12.15.14 pm
  11. Screen Shot 2015-10-28 at 12.20.16 pm
  12. Mailgun(W11): Screen Shot 2015-10-28 at 12.24.17 pm
  13. DR Chrono(W11): Worked with CEO directly and got handsomely rewarded for my work.
  14. Parse(S11):  Yes, Parse CEO said thisScreen Shot 2015-10-28 at 12.33.19 pm
  15. Firebase(S11): Screen Shot 2015-10-28 at 12.36.45 pm
  16. Instacart(S12):   Through private bug bounty
  17.  Acquired by Github, reported multiple issues. Special Thanks page on Github.
  18. Coinbase(S12): Through public bug bounty on Hackerone.
  19. Clever(S12): Screen Shot 2015-10-28 at 12.45.16 pm
  20. Zenefits(W13): Through private Bug bounty.
  21. Heap Analytics(W13): Screen Shot 2015-10-28 at 12.49.59 pm
  22. TrueVault(W14): Screen Shot 2015-10-28 at 12.54.42 pm
  23. Algolia(W14): still have lots of Algolia stickers 🙂
  24. Gitlab(W15): Listed on Acknowledgement page.
  25. Hacker News: Yup, Y Combinator itself. You can find me on their thanks page.

Look like that’s it for now.

so 25, not bad! BTW I am no ninja hacker, most of the stuff are the same task just another website. I have been a jerk professionally (in responding emails), sometimes I didn’t know the tech celebrity I’m talking with, for e.g Steve Huffman, IIya sukar.

I can help with basic web application testing but crowdsourcing your security is the best way to stay updated.

Any questions, suggestions or want to hire me? I’m at

Logging off


Edit: This list has grown up to 120+, I’m not maintaining this list anymore!

5 thoughts on “List of Y Combinator companies I have worked with(hacked)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s