HackerOne, a popular vulnerability coordination and bug bounty platform, disclosed a security incident in which a then-employee improperly accessed customer security reports for personal gain. The suspect anonymously disclosed the vulnerability information outside the HackerOne platform with the goal of claiming additional bounties.
On June 22nd, 2022, a HackerOne customer reported a suspicious vulnerability disclosure made outside the HackerOne platform by an individual using the handle "rzlr". Treating the notification as a priority, HackerOne launched an incident investigation into the suspected threat actor. The HackerOne team found that a (now former) employee had improperly accessed customers' vulnerability data and re-submitted duplicate vulnerabilities to those same customers for personal gain.
"These steps were necessary as we worked to investigate and eliminate the prospect of multiple insiders. We are now confident that this incident was limited to a single employee who improperly accessed information in clear violation of our values, our culture, our policies, and our employment contracts," HackerOne noted.
"Within 24 hours of the tip from our customer, we took steps to terminate that employee's system access and remotely locked their laptop pending further investigation," the team further added.
The HackerOne team revoked the suspected threat actor's system access, remotely locked their laptop, and conducted remote forensic imaging and analysis of the device. HackerOne found that the threat actor had contacted seven customers using data obtained through improper access to HackerOne systems between April 4th and June 23rd, 2022.