I reported a Critical Bug but haven't received any reply yet

Ticket ID: 9656513

Hello Team,

I would like to follow up regarding a critical security issue I reported on the Upstox platform on 15 November 2025 at 2:49 AM.
The vulnerability results in exposure of personally identifiable information (PII), making it a matter of Critical severity.

I have already submitted a Proof of Concept demonstrating the issue, along with a brief description and an immediate remediation suggestion for the technical team. However, I have not received any response or acknowledgment yet.

Kindly provide an update on the current status of this report.

Thank you for your time and attention.

Bhavish Choudhary
Researcher Name: AnonymoushackerxD

We appreciate you reporting this to us. We will check your ticket ID and get back to you on this. Thanks.

Hello Ushnota ji,

• I reported this bug via Google Form via (https://docs.google.com/forms/d/e/1FAIpQLScz6ZlV-FvAVf7us1KEL6bAoIrlrwb7Yuq4yrAUP0nuaSq6xA/viewform)

• I also got a mail back that confirm that I submitted this

(Thanks for filling out this form: Bug Bounty Submission

You’re receiving this email because you filled out the following form using your email address. This form is owned by RKSV Securities India Pvt. Ltd.. Make sure you recognize and trust this form before copying or clicking on any links. If it looks suspicious, report it.

Here’s what was receive)

If you want my mail id its Bhavishchoudhary8800@gmail.com from which I reported the bug

Hello any updats

Hi @Bhavish_7253658,

Rest assure, I have raised this internally and we are already in the process of reviewing it. I’ll get back to you soon with an update, thank you.

Thank you for your support.

Finally, I got Bounty. I’ll share my necessary details via email.

@Bhavish_7253658 - Sure. Thanks for letting us know!