HackerOne News: HackerOne Fires Employee Who Stole Bug Reports to Make Money Elsewhere

Bug bounty platform HackerOne has revealed that one of its employees took bug reports submitted by external researchers and resubmitted them on other bounty platforms for personal gain.

An investigation by the HackerOne security team found that a then-employee had anonymously leaked vulnerability information outside the HackerOne platform in an attempt to claim additional bounties.

“This is a gross violation of our values, culture, policies and employment contracts. In less than 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data,” the company said in a report.

“We have since terminated the employee and strengthened our defenses to avoid similar situations in the future,” it added.

On June 22, a customer asked HackerOne to investigate a suspicious vulnerability disclosure made outside of their platform.

The customer was skeptical that this was a genuine collision (two researchers independently finding the same bug) and provided detailed reasoning.

HackerOne’s security team took these allegations seriously and opened an investigation.

“Our investigation concluded that a (now former) HackerOne employee improperly accessed customer vulnerability data to resubmit duplicate vulnerabilities to those same customers for personal gain,” said Alex Rice, Founder and technical director.

The company has identified seven customers who received direct communication from the threat actor.

“We notified each of the customers about our investigation and requested information related to their interactions,” said Chris Evans, CISO.

“As a result of the findings of our investigation, we believe we have taken the necessary steps to contain insider access,” he added.

In 2020, HackerOne paid out over $100 million in bounties to participants, who reported over 181,000 vulnerabilities through the platform.
