Just recently, Ahmed, who had also found a serious loophole in Airtel a few weeks back, discovered a vulnerability in the API that the SonyLIV app and website use to let users log into their accounts.
He found that anyone with a little technical know-how could exploit the issue using nothing but a person's email.
Here's what Ahmed said while highlighting the issue's seriousness:
"It could cause a massive data breach, and the flaw was a risk to all the registered users as it could leak their sensitive information on the Web," Ahmed told Gadgets360. "The attackers could use the information fetched to even perform social engineering."
However, he made these details public only after Sony took note of his report, submitted via Gadgets360, and issued a patch fixing the API vulnerability on both the mobile app and the website of the service.
SonyLIV acknowledged the issue and said that it had been fixed, but also emphasized that the bug wasn't exploited by anybody.
"A bug that could have affected accounts using social media IDs for logging onto SonyLIV has been identified and removed," a company spokesperson said, adding that "data of all our subscribers remain[s] safe and securely protected."