Key Takeaways
- Yale student Alex Schapiro works as an ethical hacker, identifying security weaknesses in tech companies.
- He recently uncovered a flaw in the dating app Cerca, which could have exposed user information; the issue was promptly resolved.
- Ethical hackers play a crucial role in helping companies, especially fast-growing startups, protect sensitive user data.
- Schapiro’s work has even prompted some companies to establish their own bug bounty programs.
Alex Schapiro, a rising senior at Yale, leads a double life. Beyond his studies and social activities, he operates from his dorm room as an ethical hacker, uncovering security flaws in tech companies before they can be exploited by malicious actors.
His bug-hunting skills recently gained attention after he discovered a vulnerability in Cerca, a new dating app founded by college students. According to a blog post by Schapiro, this flaw could have potentially exposed users’ phone numbers and identification information.
Cerca conducted an “internal investigation” and concluded the “bug had not been exploited.” The company resolved the issue “within hours” of Schapiro’s notification. It also reduced the amount of data it collects and hired an outside expert for a code review, which found no further issues, Business Insider reported, noting The Yale Daily News had first covered Schapiro’s findings in April.
With a surge in venture investment, many student-led startups are launching products and securing funding rapidly. As AI-assisted programming, sometimes called “vibe coding,” becomes common, Schapiro believes ethical hackers are crucial for helping these startups scale securely.
“These are real people, and this is real, sensitive data,” Schapiro told Business Insider. “It’s not just going to be part of your pitch deck saying, ‘hey, we have 10,000 users.’”
Schapiro credits his mother, a former computer scientist, for his early interest in programming. He started building side projects in high school, teaching himself to “reverse-engineer” websites, which led to finding ways to break them and then make them stronger.
This knack for identifying and helping fix security weaknesses is a valuable service. Ethical hacking is a recognized practice, with large online communities dedicated to it. It benefits both the hackers, who hone their skills, and the companies, who can better protect user data from breaches.
Many tech giants, including Microsoft, Google, and Apple, run bug bounty programs, offering financial rewards to those who find and report security flaws in their systems.
In his first year at Yale, Schapiro identified a “pretty serious vulnerability” in a company generating billions in annual revenue. His discoveries have also prompted another company with significant revenue to start developing its own bug bounty program.
He has also been contracted by tech companies, such as part-time work platform SideShift, to test their software for security holes. Last summer, he interned at Verizon, where he tested their AI systems.
“As someone who uses a bunch of websites, I want my data to be taken care of,” Schapiro explained. “That’s my mindset when I’m building something. I want to treat all the data that I’m dealing with as if it was my own data.”
Despite his technical skills and approaches from venture capitalists, Schapiro is not currently looking to found a company. He is immersed in his four-year liberal arts college experience at Yale, running a popular student website, CourseTable, which handles millions of requests monthly.
He finds that his diverse academic pursuits, including a translations course for his second major in Near Eastern languages and civilizations, offer fresh perspectives on problem-solving in computer science.
“You meet so many interesting, cool people here, and this is a time in your life where you can really just learn things,” he said. “You’re not going to get that experience later in life.”
While starting a company might be in his future, Schapiro is focused on his education until his graduation next May. This summer, he will be interning at Amazon Web Services, working on AI and machine learning platforms.