
It’s a rite of passage, isn’t it? A moment that (whether intentional or not) opens your eyes to how systems can break, bend, or be bypassed completely.
Some hackers start with a vulnerable lab environment. Others start with a university portal, or even government networks… and end up testifying in Congress about the vulnerabilities they find (hello, L0pht).
However it happens, that first hack stays with you. Not just because of the thrill, but because it shapes your mindset as a security professional.
We asked three industry pros to tell us about their very first hack. Their stories are both fascinating and cautionary – reminders of how easy it is to stumble across serious flaws, and how important it is to act responsibly once you do.
For Imran Parray (Founder and CEO at Snapsec), his first hack wasn't the result of any sneaky brute-force or social engineering. It came from doing good old-fashioned reconnaissance.
“The first thing I hacked was a well-known cloud communication company. While searching for bugs on their platform, I discovered that their audio recordings and customer support chat logs were somehow archived by the Wayback Machine and were freely accessible.
“By simply visiting these URLs, I gained access to hundreds of thousands of their customer chat logs. Some of these logs contained very sensitive information, including credit card details. I later found that I could iterate through the chat IDs and access all of their customers' chat logs, revealing a significant security vulnerability. I immediately reported this issue to the company and helped them verify the fix.”
Parray’s story is a great example of the value of proactive bug hunting – and the importance of tools like the Wayback Machine in a hacker’s toolkit. It’s also a clear reminder that even large, well-known companies can (and often do) miss basic data exposure risks.
Rohit Kumar (Product Security Engineer at Groww) started his journey with a mistake – one that turned into a full-on exploration of poorly secured backend systems.
“Back in my high school days, I was already delving into the world of development, which gave me a good grasp of how websites and software are supposed to function,” he said.
“The memorable incident took place while applying for my Bachelor's course through a University Portal. In a moment of oversight, I accidentally uploaded an MP3 file instead of my 10th Marksheet. To my surprise, the website didn't immediately reject it – but instead responded with an error after a brief delay.
“Curious about this delay and the backend process, I pondered why the system wasn't utilising quick client-side validations. This led me to experiment unintentionally; I sent a script, not realising I was creating a kind of backdoor. To my astonishment, this opened up access to more than 40 university branches worldwide, including their main server with the complete source code and database credentials. It was an eye-opening journey.”
Kumar’s story is a classic example of how understanding development leads to deeper insights into system flaws. A seemingly minor validation gap became a major vulnerability with wide-reaching access.
Some start with code. That’s how Ahmad Almorabea (Senior Penetration Testing Consultant at TCC, Podcaster at The Cyber Riddler) found his way into hacking: by figuring out how it was written, and how it could go wrong.
“The first thing I hacked was the vBulletin Forums. I was learning how to program in PHP and then understood how I could find a bug in PHP code. Afterwards, I was able to understand how to write and anticipate what hackers are looking for.”
One of the best ways to learn hacking is by first becoming a builder. Understanding the flaws in code often starts with understanding how that code was constructed in the first place.
Whether it was intentional, accidental, or somewhere in between, your first hack is more than just a memory. It’s a formative experience. It teaches you to think critically, act responsibly, and always dig a little deeper.
What was your first hack?