HackerOne employee disclosed vulnerabilities ‘for personal gain’
Ryan is a senior editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be seen at tech conferences with a strong coffee in one hand and a laptop in the other. If it’s geeky, he probably likes it. Find him on Twitter: @Gadget_Ry
An employee of HackerOne was caught opening security reports and revealing vulnerabilities “for personal gain”.
HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.
Following a customer report of a suspicious disclosure of a vulnerability outside of the HackerOne platform, the company decided to launch an investigation.
Jobert Abma, co-founder of HackerOne, posted the company’s findings:
“We discovered that a former employee had inappropriately accessed security reports for personal gain. The individual has anonymously disclosed this vulnerability information outside of the HackerOne platform for the purpose of claiming additional bounties.
This is a clear violation of our values, culture, policies and employment contracts.”
Abma said the employee in question was identified within 24 hours and their access to data was revoked. The employee was fired and HackerOne says it has “strengthened” its defenses to avoid similar situations in the future.
The employee used the handle ‘rzlr’, so HackerOne asks any entity contacted through this handle to contact [email protected].