HackerOne employee disclosed vulnerabilities ‘for personal gain’ 

Ryan is a senior editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be sighted at tech conferences with a strong coffee in one hand and a laptop in the other. If it's geeky, he’s probably into it. Find him on Twitter (@Gadget_Ry) or Mastodon (@gadgetry@techhub.social)


An employee of HackerOne was caught accessing security reports and disclosing vulnerabilities “for personal gain”.

HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.

Following a customer report of a suspicious vulnerability disclosure made outside of the HackerOne platform, the company decided to launch an investigation.

Jobert Abma, Co-Founder of HackerOne, posted the company’s findings:

“We discovered a then-employee had improperly accessed security reports for personal gain. The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties.

This is a clear violation of our values, our culture, our policies, and our employment contracts.”

Abma said the employee in question was identified in under 24 hours and had their access to data revoked. The employee was fired and HackerOne says that it’s “bolstered” its defenses to avoid similar situations in the future.

The employee used the handle ‘rzlr’, so HackerOne asks any entity that has been contacted using this handle to reach out to support-incident-06-22@hackerone.com.
