HackerOne Discloses Security Incident

A customer asked HackerOne to investigate a suspicious vulnerability disclosure made outside of the HackerOne platform.

HackerOne, a popular security vulnerability coordination and bug bounty platform, disclosed a security incident in which a then-employee improperly accessed security reports for personal gain. The employee anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties.

On June 22nd, 2022, a HackerOne customer reported a suspicious vulnerability disclosure made outside the HackerOne platform under the handle "rzlr". Treating the notification as a priority, HackerOne launched an incident investigation into the suspected threat actor. The HackerOne team found that a (now former) employee had improperly accessed customers' vulnerability data to re-submit duplicate vulnerabilities to those same customers for personal gain.

"These steps were necessary as we worked to investigate and eliminate the prospect of multiple insiders. We are now confident that this incident was limited to a single employee who improperly accessed information in clear violation of our values, our culture, our policies, and our employment contracts." - HackerOne noted.

"Within 24 hours of the tip from our customer, we took steps to terminate that employee's system access and remotely locked their laptop pending further investigation." - the team further added.

The HackerOne team revoked the suspected threat actor's system access, remotely locked their laptop, and conducted remote forensic imaging and analysis of the device. HackerOne found that the threat actor, through improper access to HackerOne systems between April 4th and June 23rd of 2022, contacted seven customers.