Tuesday, February 11, 2025
HomeBug BountyHackers Earned More Than $19 Million in 2018 by Participating in Bug...

Hackers Earned More Than $19 Million in 2018 by Participating in Bug Bounty Programs

Published on

SIEM as a Service

Follow Us on Google News

HackerOne published 2019 hacker report, which details the individuals that represent the HackerOne community.

In the past year alone hackers earned more than $19 million in reporting bounties and most of the hackers are under the age of 35.

2018 is the incredible year for hackers, where they earned $100K for one vulnerability and the first hacker passing the $1 million milestone. Many of the individuals use HackerOne for career building opportunities through bug bounties, with companies hiring from within the hacker community.

hacker report

In total as of December 2018, HackerOne has more than 300K+ registered hackers, 100K+ vulnerabilities reported and $42M paid in bounties.

“Countries like Iceland, Ghana, Slovakia, Aruba, and Ecuador have hackers with as much determination, skill and success as those from India, the United States, Russia, Pakistan, and the United Kingdom,” reads the report.

Out of the $42+ million bounties awarded the organizations from the U.S. and Canada paid the most followed by the organizations in the U.K., Germany, Russia, and Singapore.

Learn: Web Hacking and Bug Bounty Course and Get Paid for Hacking and Disclosing Bugs

According to the hacker report, the hackers from the U.S., India, and Russia earns around 36% of the total value of awarded bounties and the Canadian hackers earned 3.3%.

hacker report

Hacker-powered security is creating opportunities across the entire globe, the unemployment rate for trained cybersecurity personnel is infamously 0%.

Hacker’s Favorite Tools –
Hacker Report

Here you can see the list of the tools used by hackers to test the vulnerabilities in network and applications.

hacker report

Hackers have shown love in finding vulnerabilities in web applications followed by APIs, Android apps, operating systems and downloadable
software.

Over 38% of hackers said finding cross-site scripting (XSS) is their favorite attack vector and the SQL injection placed second (13.5%).

In the Spot Light

Santiago Lopez(@try_to_hack) is the first hacker who reached $1 million in bounty, he start reporting vulnerabilities in 2015 on HackerOne.

“I do not have enough words to describe how happy I am to become the first hacker to reach this landmark,” said Lopez.

Lopez leads the HackerOne’s leaderboard, he ranked number one out of three hundred and thirty thousand hackers competing for the spot.

Intel Expands Bug Bounty Program Rewards To $250,000 for Meltdown and Spectre Like Vulnerabilities

Bug Bounty Researchers Make More than 2.7 Times Salary of an Average Software Engineer

Facebook Launches Data Abuse Bounty Program With rewards Up to $40,000

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account

A severe security vulnerability, tracked as CVE-2025-23369, has been identified in GitHub Enterprise Server...

Marvel Game Vulnerability Exposes PCs & PS5s to Remote Takeover Attacks

A severe security vulnerability has been uncovered in the popular video game Marvel Rivals, raising...