Thursday, March 28, 2024

HackerOne Apologized to Ukrainian Hackers After Blocking their Bounty Payouts

After sanctions were imposed on Russia and Belarus after Ukraine’s invasion, the CISO of HackerOne, Chris Evans, apologized to Ukrainian hackers for blocking their bug bounty payouts.

Bug bounty platform, HackerOne is blocking the bug bounty rewards, in some cases thousands of dollars, and rejecting the Ukrainian hackers to withdraw their earnings.

Following the Russian invasion of Ukraine in late February, HackerOne has blocked payouts to several hackers and researchers with affected HackerOne accounts due to all the economic sanctions and export controls that are imposed; however, all these imposed sanctions are not applicable to them.

In this event, HackerOne notified all the bounty hunters from Ukraine, Russia, and Belarus that all their transactions had been paused.

Apart from this, one of the Belarusian hackers claimed from its Twitter handle “xnwup” that “HackerOne took $25k from me because I am a Belarusian citizen.”

Here’s what HackerOne stated:-

“Due to current economic sanctions and export controls, if you are based in Ukraine, Russia, or Belarus, all communications and transactions (including swag shipping) have been paused for the time being.”

The HackerOne bug bounty program paid out more than $107 million in 2020 alone to all eligible bounty hunters. However, here the most vital point, in this case, is the dependency of several security researchers on their earnings to support their families.

Roleplay of HackerOne CEO

Earlier this week, HackerOne CEO MÃ¥rten Mickos brought up the freeze of Ukrainian accounts on the bug bounty platforms, saying that all rewards for hackers from sanctioned areas would go to UNICEF.

However, later, he deleted his tweet and published a new tweet in which he claimed that he misspoke the above statement, as he intended to say:-

“We re-route hacker rewards to donations only on specific instruction by the hacker.”

But, the CISO of HackerOne, Chris Evans, has published an official apology statement:-

“On behalf of the HackerOne team, I’d like to apologize to the Ukrainian hacker community for the frustration and confusion that our poor communication has caused. We have not (and will not) block lawful payments to Ukraine.”

Moreover, after this incident, HackerOne’s CISO, Chris Evans, also asserted that they would publish a FAQ page within 24 hours to brief this incident in detail.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles