HackerOne employee fired for using position to steal bug bounties
The threat actor was identified by their duplicate data, which they were trying to pass off as their own for financial gain

Vulnerability coordination platform HackerOne has announced the firing of an employee found to have used their position to access the vulnerability data of customers, and to sell duplicate data back to them for monetary gain.
HackerOne provides a platform through which white hat hackers can anonymously submit vulnerability reports on companies and also facilitates the secure transfer of bounties in return for the information. The company describes itself as the “global leader” in attack resistance management (ARM).
It was discovered this week that an employee had improperly accessed HackerOne systems between April 4 and June 23, stealing user-submitted vulnerability data to pass the information along to the affected customers themselves and receive the bounty.
Concerns were raised by a customer on June 22, when a submitter of vulnerability data used threatening language and provided information remarkably similar to a disclosure the customer had previously received through HackerOne.
Relying on a community of over a million hackers to submit reports can lead to ‘bug collisions’ or duplicates, where two or more hackers discover the same vulnerability at around the same time. In this instance, however, the company states that it was provided with evidence that cast doubt on simple coincidence being behind this overlap of information.
Within 24 hours of the customer tip, HackerOne had identified an employee suspected of being behind the incident and removed their system access. This was possible because only one employee’s access log showed that they had viewed every one of the disclosures that further customers had identified as being re-submitted by the threat actor.
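As an added illustration (not part of the original article and not HackerOne’s own tooling), the following Python snippet performs the same access-log correlation over constructed sample audit lines: the one internal account whose view history covers every customer-flagged report is the lead worth interviewing, and a ranking by partial coverage helps triage when no single account covers them all. The log format, user names and report ids are all invented for the example.

```python
import re
from collections import defaultdict

# Constructed sample audit-log lines (not real HackerOne data); one event per line.
RAW_LOG = """\
2022-04-06T09:14:02Z user=emp_a action=view report=R-101
2022-04-06T09:20:45Z user=emp_b action=view report=R-101
2022-04-19T16:02:11Z user=emp_b action=view report=R-205
2022-04-20T10:41:37Z user=emp_a action=view report=R-205
2022-05-03T11:05:09Z user=emp_c action=view report=R-318
2022-05-03T11:09:53Z user=emp_b action=view report=R-318
2022-06-01T08:30:00Z user=emp_d action=view report=R-422
2022-06-01T08:33:12Z user=emp_b action=view report=R-422
2022-06-02T13:00:00Z user=emp_c action=comment report=R-999
"""

# Assumed log layout: key=value pairs after an ISO-8601 timestamp.
LINE_RE = re.compile(r"user=(?P<user>\S+) action=(?P<action>\S+) report=(?P<report>\S+)")

# Report ids that customers reported as re-submitted to them by the outside account.
FLAGGED = {"R-101", "R-205", "R-318", "R-422"}


def views_per_user(raw):
    """Map each internal user to the set of report ids they viewed (other actions ignored)."""
    seen = defaultdict(set)
    for line in raw.splitlines():
        m = LINE_RE.search(line)
        if m and m["action"] == "view":
            seen[m["user"]].add(m["report"])
    return seen


def users_covering(raw, flagged):
    """Users whose view set includes every flagged report: the short list to interview."""
    return sorted(u for u, reports in views_per_user(raw).items() if flagged <= reports)


def coverage_ranking(raw, flagged):
    """Rank users by how many flagged reports they viewed, for when no single account covers all."""
    return sorted(((len(flagged & r), u) for u, r in views_per_user(raw).items()), reverse=True)


if __name__ == "__main__":
    print("covers all flagged reports:", users_covering(RAW_LOG, FLAGGED))
    print("coverage ranking:", coverage_ranking(RAW_LOG, FLAGGED))
```

In a real investigation the same intersection would be run against the platform’s audit trail for the full window (here April 4 to June 23), with the flagged set growing as more customers report contact from the outside account.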
Following an interview, their employment was terminated, and the company has not yet ruled out a criminal referral.
In a report, HackerOne chief information security officer Chris Evans and chief technology officer Alex Rice described the actions as a “serious incident.”
“Insider threats are one of the most insidious in cybersecurity, and we stand ready to do everything in our power to reduce the likelihood of such incidents in the future.”
The company states that it has notified all customers it knows to have interacted with the threat actor, but further stressed that any customer who was contacted by the user ‘rzlr’ should contact it directly at support-incident-06-22@hackerone.com.