"HackerOne Employee Fired for Stealing and Selling Bug Reports for Personal Gain"

HackerOne fired one of its employees for collecting bug bounties from customers after alerting them to vulnerabilities in their products. These vulnerabilities had been discovered by other researchers and privately disclosed to HackerOne through its coordinated vulnerability disclosure program. One of HackerOne's customers asked the company to investigate a vulnerability disclosure made outside of the HackerOne platform. That customer, like other bug bounty program clients, uses HackerOne to collect and triage vulnerabilities in its products discovered by independent security researchers, and in exchange pays a bug bounty for reported vulnerabilities. In this case, the customer stated that an anonymous individual had contacted it about a vulnerability in its technology that was very similar to a bug already reported by a researcher via the HackerOne platform. This article continues to discuss the HackerOne employee who was caught stealing vulnerability reports for personal gain and the changes the company is making to its security controls to prevent malicious insiders from doing the same thing in the future.

Dark Reading reports "HackerOne Employee Fired for Stealing and Selling Bug Reports for Personal Gain"
