Tuesday January 28, 2020

HackerOne Pays $20K to User who Hacked its Own Platform

Hacker-powered security is a technique that utilises collaboration with the hacker community to find unknown security vulnerabilities and reduce security risk. Popular examples include bug bounty programmes and vulnerability disclosure policies.

Hackers have the power to bring down your website or your entire network if they so wish. Pixabay

Facing an embarrassing situation, San Francisco-based HackerOne, a vulnerability coordination and bug bounty platform that counts Starbucks, Instagram, Goldman Sachs, Twitter and Zomato among its clients, has paid $20,000 to a user who exposed a vulnerability in its own bug bounty platform.

The vulnerability was exposed by a user with the handle “haxta4ok00”, who has now been paid $20,000 by HackerOne.

“A hacker had access for a short time to information relating to other programmes running on the HackerOne platform.

“Less than 5 per cent of HackerOne programmes were impacted, and those programmes were contacted within 24 hours of report receipt,” HackerOne said in a statement this week.

The hacker, who is also a HackerOne community member, posted a report to the bug bounty platform: “I can read all reports @security and more programmes.”

While 85 per cent of people own a smartphone, 54 per cent believe the technology is spying on them. Pixabay

HackerOne responded: “We didn’t find it necessary for you to have opened all the reports and pages in order to validate you had access to the account. Would you mind explaining why you did so to us?”

Haxta4ok00 said: “I did it to show the impact. I didn’t mean any harm by it. I reported it to you at once. I was not sure that after the token substitution I would own all the rights. I apologise if I did anything wrong. But it was just a white hack.”

In August this year, HackerOne revealed that hackers earned $21 million in just a year reporting vulnerabilities via various bug bounty opportunities as governments’ efforts to fix malware increased a whopping 214 per cent globally.


Food delivery platform Zomato has paid more than $100,000 (over Rs 70 lakh) to 435 hackers to date for finding and fixing bugs on its platform.

With the help of HackerOne’s bug bounty programme since July 2017, Zomato has successfully resolved 775 vulnerability reports.

Hacker-powered security is a technique that utilises collaboration with the hacker community to find unknown security vulnerabilities and reduce security risk. Popular examples include bug bounty programmes and vulnerability disclosure policies. (IANS)


Hacker Leaks Passwords for Over 5 Lakh Servers, IoT Devices

In a bone-chilling incident, parents of an eight-year-old girl in the US were left stunned when a hacker accessed a camera installed in their daughter's room and taunted her.

Hackers have become an invaluable extension of the most trusted security teams. Pixabay

A hacker has leaked the usernames and passwords of over five lakh servers, routers and Internet of Things (IoT) devices on the Dark Web. The credentials can be used to install malware on Internet-connected devices at home or at work.

Attackers could use those credentials to gain remote access to the affected devices, as seen recently with some home cameras and devices, including Amazon-owned Ring security cameras.

According to a ZDNet report on Sunday, the list of Telnet credentials has been published on a popular hacking forum and includes each device’s IP address, along with a username and password for the Telnet service.

Telnet is one of the earliest remote login protocols on the Internet. It is a client-server protocol that gives the user of a Telnet client application a terminal session on the remote host.

“Hackers scan the internet to build bot lists, and then use them to connect to the devices and install malware,” said the report.

The list has been published online by the maintainer of a Distributed Denial of Service (DDoS) botnet.

Hackers and cyber criminals have IT managers on their target as per the survey. Pixabay

However, some of these devices might now run on a different IP address, or use different login credentials.

“Some devices were located on the networks of known Internet service providers (indicating they were either home router or IoT devices), but other devices were located on the networks of major Cloud service providers,” the report mentioned.

The five lakh devices still remain at risk of being hacked, as a hacker can use the IP addresses included in the lists and then re-scan the internet service provider’s network to update the list with the latest IP addresses.


Amazon’s Ring subsidiary was in the news for all the wrong reasons after customers’ in-house cameras were broken into and the hackers tried to intimidate the residents, including children.

In a bone-chilling incident, parents of an eight-year-old girl in the US were left stunned when a hacker accessed a camera installed in their daughter’s room and taunted her. (IANS)