Dec 5, 2019

HackerOne pays $20,000 bug bounty after 'sloppy' breach

A HackerOne spokesperson said in a statement: "Last week, while reporting a vulnerability to HackerOne, a hacker had access for a short time to information relating to other programs running on the HackerOne platform.

"Less than 5% of HackerOne programs were impacted, and those programs were contacted within 24 hours of report receipt."

"A simple human error potentially put other companies' bugs in danger of being exposed," Cluley told the BBC. "One of the staff at HackerOne cut-and-pasted a url with a bug hunter, but it unfortunately contained his session cookie details. With that information the bug hunter was able to view HackerOne records that only that logged-in staff member was supposed to have been able to see."

HackerOne fixed the vulnerability on its platform within two hours of haxta4ok00 reporting it.

"This was a vulnerability reported through HackerOne's own bug bounty program by an active HackerOne hacker community member and was safely resolved."
