Dropbox uncovers 264 vulnerabilities in HackerOne Singapore bug hunt

From zdnet.com

Cloud storage vendor forks out US$319,300 in a one-day bug bounty programme that galvanised 45 HackerOne members in Singapore, where two hackers discuss their strategy and offer some advice for businesses to better secure their systems.

Dropbox has uncovered 264 vulnerabilities, paying out US$319,300 in bounties, after a one-day bug hunt in Singapore that brought together hackers from 10 nations around the world. Hosted by bug bounty platform HackerOne, the live event saw 45 of its members from countries such as Japan, India, Australia, Hong Kong, and Sweden, and some as young as 19, galvanise in the city-state in an attempt to infiltrate Dropbox’s targeted systems. 

The cloud storage vendor days earlier had revealed parts of its “attack” scope, so HackerOne members already had identified and submitted dozens of potential bugs before the live event. According to a company spokesperson, the focus this time was on Dropbox and its recent acquisition of digital workflow platform, HelloSign.  

Read more…