Technology
HackerOne pays $20K to user who hacked its own platform
New Delhi, Dec 9
Facing an embarrassing situation, San Francisco-based HackerOne which is a vulnerability coordination and bug bounty platform and boasts of clients like Starbucks, Instagram, Goldman Sachs, Twitter and Zomato, has paid $20,000 to a user who exposed a vulnerability in its own bug bounty platform.
The vulnerability was exposed by a user with the handle called "haxta4ok00" who has now been paid $20,000 by HackerOne.
"A hacker had access for a short time to information relating to other programmes running on the HackerOne platform.
"Less than 5 per cent of HackerOne programmes were impacted, and those programmes were contacted within 24 hours of report receipt," HackerOne said in a statement this week.
The hacker, and HackerOne community member posted a report to the bug bounty platform: "I can read all reports @security and more programmes."
HackerOne responded: "We didn't find it necessary for you to have opened all the reports and pages in order to validate you had access to the account. Would you mind explaining why you did so to us?"
Haxta4ok00 said: "I did it to show the impact. I didn't mean any harm by it. I reported it to you at once. I was not sure that after the token substitution I would own all the rights. I apologise if I did anything wrong. But it was just a white hack."
In August this year, HackerOne revealed that hackers earned $21 million in just a year reporting vulnerabilities via various bug bounty opportunities as governments' efforts to fix malware increased a whopping 214 per cent globally.
Food delivery platform Zomato has paid more than $100,000 (over Rs 70 lakh) to 435 hackers to date for finding and fixing bugs on its platform.
With the help of HackerOne's bug bounty programme since July 2017, Zomato has successfully resolved 775 vulnerabilities report.
Hacker-powered security is a technique that utilises collaboration with the hacker community to find unknown security vulnerabilities and reduce security risk. Popular examples include bug bounty programmes and vulnerability disclosure policies.
The vulnerability was exposed by a user with the handle called "haxta4ok00" who has now been paid $20,000 by HackerOne.
"A hacker had access for a short time to information relating to other programmes running on the HackerOne platform.
"Less than 5 per cent of HackerOne programmes were impacted, and those programmes were contacted within 24 hours of report receipt," HackerOne said in a statement this week.
The hacker, and HackerOne community member posted a report to the bug bounty platform: "I can read all reports @security and more programmes."
HackerOne responded: "We didn't find it necessary for you to have opened all the reports and pages in order to validate you had access to the account. Would you mind explaining why you did so to us?"
Haxta4ok00 said: "I did it to show the impact. I didn't mean any harm by it. I reported it to you at once. I was not sure that after the token substitution I would own all the rights. I apologise if I did anything wrong. But it was just a white hack."
In August this year, HackerOne revealed that hackers earned $21 million in just a year reporting vulnerabilities via various bug bounty opportunities as governments' efforts to fix malware increased a whopping 214 per cent globally.
Food delivery platform Zomato has paid more than $100,000 (over Rs 70 lakh) to 435 hackers to date for finding and fixing bugs on its platform.
With the help of HackerOne's bug bounty programme since July 2017, Zomato has successfully resolved 775 vulnerabilities report.
Hacker-powered security is a technique that utilises collaboration with the hacker community to find unknown security vulnerabilities and reduce security risk. Popular examples include bug bounty programmes and vulnerability disclosure policies.
8 hours ago
When Samantha Ruth Prabhu opened up about nepotism in Tollywood
11 hours ago
US seizes $1.5 million worth of cocaine hidden in air cargo bound for Delhi
13 hours ago
Deeply moved by warm welcome from Indian community in New Zealand: PM Modi
16 hours ago
Murali Gopy's character in Joju George's 'Varavu' revealed!
16 hours ago
Dulquer Salmaan's #DQ41 titled 'Sri Sri'
16 hours ago
Hema Malini reveals how Dharmendra improvised iconic opening steps of ‘Kal Ki Haseen Mulaqaat’ from ‘Charas’
16 hours ago
Jennifer Garner reveals how her friendship with Timothy Olyphant made romance easy
16 hours ago
South Indian actress Sharmiela Mandre to marry producer Sudhan Sundaram in Jaipur on July 12
16 hours ago
Amitabh Bachchan's latest World Cup curiosity ends with fact-check with help of AI
16 hours ago
'Dhamaal 4' (Movie Review): A Bigger, Louder, and Delightfully Mad Treasure Hunt Packed with Family Laughter!
16 hours ago
Shreya Kalra calls Gaurav Khanna 'blessed': May God never give anyone a wife like Akanksha Chamola
16 hours ago
Couple arrested in connection with killing of six abducted Naga civilians in Manipur
16 hours ago
Chapter is Closed: Supriya Sule rules out NDA alignment, NCP merger
