Monday, July 15, 2024

Hackers Earned More Than $19 Million in 2018 by Participating in Bug Bounty Programs

HackerOne published 2019 hacker report, which details the individuals that represent the HackerOne community.

In the past year alone hackers earned more than $19 million in reporting bounties and most of the hackers are under the age of 35.

2018 is the incredible year for hackers, where they earned $100K for one vulnerability and the first hacker passing the $1 million milestone. Many of the individuals use HackerOne for career building opportunities through bug bounties, with companies hiring from within the hacker community.

hacker report

In total as of December 2018, HackerOne has more than 300K+ registered hackers, 100K+ vulnerabilities reported and $42M paid in bounties.

“Countries like Iceland, Ghana, Slovakia, Aruba, and Ecuador have hackers with as much determination, skill and success as those from India, the United States, Russia, Pakistan, and the United Kingdom,” reads the report.

Out of the $42+ million bounties awarded the organizations from the U.S. and Canada paid the most followed by the organizations in the U.K., Germany, Russia, and Singapore.

Learn: Web Hacking and Bug Bounty Course and Get Paid for Hacking and Disclosing Bugs

According to the hacker report, the hackers from the U.S., India, and Russia earns around 36% of the total value of awarded bounties and the Canadian hackers earned 3.3%.

hacker report

Hacker-powered security is creating opportunities across the entire globe, the unemployment rate for trained cybersecurity personnel is infamously 0%.

Hacker’s Favorite Tools –
Hacker Report

Here you can see the list of the tools used by hackers to test the vulnerabilities in network and applications.

hacker report

Hackers have shown love in finding vulnerabilities in web applications followed by APIs, Android apps, operating systems and downloadable

Over 38% of hackers said finding cross-site scripting (XSS) is their favorite attack vector and the SQL injection placed second (13.5%).

In the Spot Light

Santiago Lopez(@try_to_hack) is the first hacker who reached $1 million in bounty, he start reporting vulnerabilities in 2015 on HackerOne.

“I do not have enough words to describe how happy I am to become the first hacker to reach this landmark,” said Lopez.

Lopez leads the HackerOne’s leaderboard, he ranked number one out of three hundred and thirty thousand hackers competing for the spot.

Intel Expands Bug Bounty Program Rewards To $250,000 for Meltdown and Spectre Like Vulnerabilities

Bug Bounty Researchers Make More than 2.7 Times Salary of an Average Software Engineer

Facebook Launches Data Abuse Bounty Program With rewards Up to $40,000


Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles