HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains

From thehackernews.com

HackerOne Bug Bounty

Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain.

“The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties,” it said. “In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data.”

The employee, who had access to HackerOne systems between April 4 and June 23, 2022, for triaging vulnerability disclosures associated with different customer programs, has since been terminated by the San Francisco-headquartered company as of June 30.

Read more…