As a leading vulnerability reporting platform, HackerOne has paid hackers more than $23 million on behalf of more than 100 customers, including Twitter, Slack, and the US Pentagon. The company’s position also gives it access to unimaginable amounts of sensitive data. Now, the company has paid a $20,000 bounty out of its own pocket after accidentally giving an outside hacker the ability to read and modify some customer bug reports.
The outsider—a HackerOne community member who had a proven track record of finding and privately reporting vulnerabilities through the platform—had been communicating late last month with one of the company’s security analysts.
