"Cookie Leak Allows White-Hat Researcher to Access HackerOne Vulnerability Reports"
HackerOne, a company that hosts bug bounty programs for organizations, recently disclosed an incident in which human error allowed a white-hat hacker known as haxta4ok00 to access company vulnerability reports. One of HackerOne's security analysts accidentally sent a session cookie to the white-hat researcher, and the cookie was then used to access the vulnerability reports. Following the disclosure and investigation of the incident, the researcher was rewarded $20,000 for their discovery. HackerOne then took steps to change its cookie policy and establish a process for responding to an event in which a hacker is suspected of accessing sensitive material. In addition, the company plans to re-examine and alter its security analyst permission model, as well as enhance education for employees and white-hat hackers. This article continues to discuss how the incident occurred, HackerOne's response to the incident, and the expected increase in attacks targeting crowd security testing platforms.