Friday, March 29, 2024

Hackers Earned More Than $19 Million in 2018 by Participating in Bug Bounty Programs

HackerOne published 2019 hacker report, which details the individuals that represent the HackerOne community.

In the past year alone hackers earned more than $19 million in reporting bounties and most of the hackers are under the age of 35.

2018 is the incredible year for hackers, where they earned $100K for one vulnerability and the first hacker passing the $1 million milestone. Many of the individuals use HackerOne for career building opportunities through bug bounties, with companies hiring from within the hacker community.

hacker report

In total as of December 2018, HackerOne has more than 300K+ registered hackers, 100K+ vulnerabilities reported and $42M paid in bounties.

“Countries like Iceland, Ghana, Slovakia, Aruba, and Ecuador have hackers with as much determination, skill and success as those from India, the United States, Russia, Pakistan, and the United Kingdom,” reads the report.

Out of the $42+ million bounties awarded the organizations from the U.S. and Canada paid the most followed by the organizations in the U.K., Germany, Russia, and Singapore.

Learn: Web Hacking and Bug Bounty Course and Get Paid for Hacking and Disclosing Bugs

According to the hacker report, the hackers from the U.S., India, and Russia earns around 36% of the total value of awarded bounties and the Canadian hackers earned 3.3%.

hacker report

Hacker-powered security is creating opportunities across the entire globe, the unemployment rate for trained cybersecurity personnel is infamously 0%.

Hacker’s Favorite Tools –
Hacker Report

Here you can see the list of the tools used by hackers to test the vulnerabilities in network and applications.

hacker report

Hackers have shown love in finding vulnerabilities in web applications followed by APIs, Android apps, operating systems and downloadable
software.

Over 38% of hackers said finding cross-site scripting (XSS) is their favorite attack vector and the SQL injection placed second (13.5%).

In the Spot Light

Santiago Lopez(@try_to_hack) is the first hacker who reached $1 million in bounty, he start reporting vulnerabilities in 2015 on HackerOne.

“I do not have enough words to describe how happy I am to become the first hacker to reach this landmark,” said Lopez.

Lopez leads the HackerOne’s leaderboard, he ranked number one out of three hundred and thirty thousand hackers competing for the spot.

Intel Expands Bug Bounty Program Rewards To $250,000 for Meltdown and Spectre Like Vulnerabilities

Bug Bounty Researchers Make More than 2.7 Times Salary of an Average Software Engineer

Facebook Launches Data Abuse Bounty Program With rewards Up to $40,000

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles