Thursday, November 14, 2024
HomeBug BountyHackerOne Employee Stole Bug Reported Through Bounty Platform to Sell Customers Directly

HackerOne Employee Stole Bug Reported Through Bounty Platform to Sell Customers Directly

Published on

Malware protection

The largest cybersecurity firm, HackerOne‘s employee stolen vulnerability disclosure reports, submitted through Bounty Platform to sell to customers directly.

HackerOne is vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers. The reports say, since May 2020, HackerOne’s network had paid $100 million in bounties.

In a recent blog post, the company detailed the incident that took place over the period of three months and confirmed that the employee has since been fired.

- Advertisement - SIEM as a Service

An Insight of the Incident

On June 22nd, 2022, a customer asked the company to examine a suspicious vulnerability disclosure made outside of the HackerOne platform. The company noticed that this submitter used intimidating language in communication; also the disclosure was similar to an existing disclosure that was earlier submitted through HackerOne.

After the investigation, the HackerOne Security team found a then-employee had improperly accessed security reports for personal gain. The report says the person revealed this bug report outside the company with the aim of claiming extra bounties.

“The threat actor created a HackerOne sockpuppet account and had received bounties in a handful of disclosures. After identifying these bounties as likely improper, HackerOne reached out to the relevant payment providers, who worked cooperatively with us to provide additional information”, says HackerOne.

Upon analyzing the threat actor’s network traffic exposed more evidence that linked their primary and sockpuppet accounts on HackerOne.

The Action was Taken against the Incident

Since it is a violation of the company’s policies, and employment contracts, under 24 hours, the company says, the then-employer’s access was cut-off.

“We have since terminated the employee, and further bolstered our defenses to avoid similar situations in the future. Subject to our review with counsel, we will also decide whether criminal referral of this matter is appropriate”, the company said.

The company identified seven customers who received direct communication from the threat actor. They notified each of the customers for investigation and asked for information related to their interactions.

The company says that they have issued platform bans for the employee’s known HackerOne accounts. Also, they planned to carry on forensic analysis of the logs produced and devices used by the former employee. The company is reaching out to other bug bounty platforms to share details in case their customers received similar communications from “rzlr”.

Source:  H4x0r-DZ

The notice informs the hackers of the incident and includes a list of the reports the threat actor accessed either legitimately, as part of their job, or with the intention to abuse the vulnerabilities submitted.

HackerOne mentioned, “This was a serious incident. We are confident that insider access is now contained. Insider threats are one of the most insidious in cybersecurity, and we stand ready to do everything in our power to reduce the likelihood of such incidents in the future.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Windows 0-Day Exploited in Wild with Single Right Click

A newly discovered zero-day vulnerability, CVE-2024-43451, has been actively exploited in the wild, targeting Windows...

Automating Identity and Access Management for Modern Enterprises

Keeping track of who has access and managing their permissions has gotten a lot...

Finding The Right E-Commerce Platform – Comparing Reselling Solutions

If you’re looking to make some extra cash or to start a business, you...

Fortinet Patches Critical Flaws That Affected Multiple Products

Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Windows 0-Day Exploited in Wild with Single Right Click

A newly discovered zero-day vulnerability, CVE-2024-43451, has been actively exploited in the wild, targeting Windows...

Fortinet Patches Critical Flaws That Affected Multiple Products

Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple...

China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community...