
HackerOne employee fired for using position to steal bug bounties

The threat actor was identified by their duplicate data, which they were trying to pass off as their own for financial gain


Vulnerability coordination platform HackerOne has announced the firing of an employee found to have used their position to access the vulnerability data of customers, and to sell duplicate data back to them for monetary gain.

HackerOne provides a platform through which white hat hackers can anonymously submit vulnerability reports on companies and also facilitates the secure transfer of bounties in return for the information. The company describes itself as the “global leader” in attack resistance management (ARM).


It was discovered this week that an employee had improperly accessed HackerOne systems between April 4 and June 23, stealing user-submitted vulnerability data to pass the information along to the affected customers themselves and receive the bounty.

Concerns were raised by a customer on June 22, when a submitter of vulnerability data used threatening language and provided information with remarkable similarity to a disclosure they had previously received through HackerOne.

Relying on a community of over a million hackers to submit reports can lead to ‘bug collisions’ or duplicates, where two or more hackers can discover the same vulnerability around the same time as each other. In this instance, however, the company states that it was provided with evidence that cast doubt on simple coincidence being behind this crossover of information.

Twenty-four hours after the customer tip, HackerOne had identified an employee suspected of being behind the incident and removed their system access. This was possible because only one employee’s access log showed that they had viewed every one of the disclosures that other customers had identified as being re-submitted by the threat actor.
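The correlation described above, as an added example that is not HackerOne's own code or data: given internal access-log lines and the set of disclosures customers reported as re-submitted, rank employees by how many of those disclosures they viewed and flag anyone who viewed all of them. The log format, employee ids and report numbers are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample access log (hypothetical format, not HackerOne's):
# "<timestamp> <employee> view report=<id>", one line per disclosure view.
ACCESS_LOG = """\
2022-04-04T09:12:03Z emp-17 view report=1001
2022-04-04T09:40:51Z emp-42 view report=1001
2022-04-11T14:02:17Z emp-42 view report=1002
2022-05-02T10:30:00Z emp-08 view report=1002
2022-05-19T16:45:22Z emp-42 view report=1003
2022-06-01T08:05:09Z emp-17 view report=1003
2022-06-20T11:11:11Z emp-42 view report=1004
2022-06-21T12:00:00Z emp-08 view report=1005
"""

# Disclosures customers said were re-submitted to them by the outside account
# (constructed ids, not the real case's report numbers).
RESUBMITTED = {1001, 1002, 1003, 1004}

LINE_RE = re.compile(r"^(\S+) (\S+) view report=(\d+)$")


def parse_access_log(text):
    """Map each employee to the set of report ids they viewed."""
    viewed = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the review
        _, employee, report_id = m.groups()
        viewed[employee].add(int(report_id))
    return dict(viewed)


def rank_suspects(viewed, resubmitted):
    """(employee, hits, total) tuples, most re-submitted disclosures viewed first."""
    scored = [(e, len(r & resubmitted), len(resubmitted))
              for e, r in viewed.items() if r & resubmitted]
    return sorted(scored, key=lambda t: (-t[1], t[0]))


def full_coverage(viewed, resubmitted):
    """Employees who viewed every re-submitted disclosure: the signal used here."""
    return sorted(e for e, r in viewed.items() if resubmitted <= r)


if __name__ == "__main__":
    views = parse_access_log(ACCESS_LOG)
    for employee, hits, total in rank_suspects(views, RESUBMITTED):
        print(f"{employee}: viewed {hits}/{total} re-submitted disclosures")
    print("full coverage:", full_coverage(views, RESUBMITTED))
```

Partial overlap (emp-17 viewed two of four) is what ordinary bug collisions and legitimate triage look like; a single account covering the whole set is what warrants the interview.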

Following an interview, their employment was terminated, and a criminal referral has not yet been ruled out by the company.

In a report, HackerOne chief information security officer Chris Evans and chief technology officer Alex Rice described the actions as a “serious incident.”

“Insider threats are one of the most insidious in cybersecurity, and we stand ready to do everything in our power to reduce the likelihood of such incidents in the future.”

The company states that they have made all customers that they know interacted with the threat actor aware of the incident, but further stressed that any customer who was contacted by user ‘rzlr’ should contact them directly at support-incident-06-22@hackerone.com.
