HackerOne Employee Accessed Security Reports for Personal Gain

basudev

HackerOne

HackerOne is a platform for bug bounty hunters and for the companies that use it to strengthen themselves against cybersecurity risks. They reward security researchers for their findings.

HackerOne June 2022 Incident

In an investigation, the HackerOne team identified that an employee of the company had been accessing researchers' security reports and marking them as Out of Scope or Informative. He used those reports for personal gain by submitting them to the company's customers.

Researchers used to complain about HackerOne

Before that, many popular security researchers had complained that their zero-day findings were stolen by HackerOne, but the infosec community always showed them in a poor light and sometimes made fun of them.

How did HackerOne realise?

A few of its customers started complaining about suspicious security reports that were made outside the HackerOne platform and were similar to HackerOne reports. In an investigation, HackerOne found that the employee had used the reports for personal gain. As per its report, it has terminated the employee.

HackerOne shared the transparent report with researchers

After that, HackerOne shared the transparent report with its customers and the researchers. Researchers were notified about their findings that had been stolen or misused by the threat actors.
