Saturday, April 13, 2024

HackerOne Employee Stole Bug Reported Through Bounty Platform to Sell Customers Directly

The largest cybersecurity firm, HackerOne‘s employee stolen vulnerability disclosure reports, submitted through Bounty Platform to sell to customers directly.

HackerOne is vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers. The reports say, since May 2020, HackerOne’s network had paid $100 million in bounties.

In a recent blog post, the company detailed the incident that took place over the period of three months and confirmed that the employee has since been fired.

An Insight of the Incident

On June 22nd, 2022, a customer asked the company to examine a suspicious vulnerability disclosure made outside of the HackerOne platform. The company noticed that this submitter used intimidating language in communication; also the disclosure was similar to an existing disclosure that was earlier submitted through HackerOne.

After the investigation, the HackerOne Security team found a then-employee had improperly accessed security reports for personal gain. The report says the person revealed this bug report outside the company with the aim of claiming extra bounties.

“The threat actor created a HackerOne sockpuppet account and had received bounties in a handful of disclosures. After identifying these bounties as likely improper, HackerOne reached out to the relevant payment providers, who worked cooperatively with us to provide additional information”, says HackerOne.

Upon analyzing the threat actor’s network traffic exposed more evidence that linked their primary and sockpuppet accounts on HackerOne.

The Action was Taken against the Incident

Since it is a violation of the company’s policies, and employment contracts, under 24 hours, the company says, the then-employer’s access was cut-off.

“We have since terminated the employee, and further bolstered our defenses to avoid similar situations in the future. Subject to our review with counsel, we will also decide whether criminal referral of this matter is appropriate”, the company said.

The company identified seven customers who received direct communication from the threat actor. They notified each of the customers for investigation and asked for information related to their interactions.

The company says that they have issued platform bans for the employee’s known HackerOne accounts. Also, they planned to carry on forensic analysis of the logs produced and devices used by the former employee. The company is reaching out to other bug bounty platforms to share details in case their customers received similar communications from “rzlr”.

Source:  H4x0r-DZ

The notice informs the hackers of the incident and includes a list of the reports the threat actor accessed either legitimately, as part of their job, or with the intention to abuse the vulnerabilities submitted.

HackerOne mentioned, “This was a serious incident. We are confident that insider access is now contained. Insider threats are one of the most insidious in cybersecurity, and we stand ready to do everything in our power to reduce the likelihood of such incidents in the future.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles