HackerOne Employee Fired After Leaking Security Bug Reports! Here's Why His Action is Illegal

A HackerOne employee was dismissed from his position after the bug bounty company confirmed that he accessed the platform's security bug reports.

HackerOne Employee Fired After Leaking Security Bug Reports! Here's Why His Action is Illegal
A participant looks at lines of code on a laptop on the first day of the 28th Chaos Communication Congress (28C3) - Behind Enemy Lines computer hacker conference on December 27, 2011 in Berlin, Germany. The Chaos Computer Club is Europe's biggest network of computer hackers and its annual congress draws up to 3,000 participants. Photo by Adam Berry/Getty Images

Based on the ongoing investigation, the former staff leaked the documents outside the platform.

Since action is a terminable offense for the company, Chris Evans, HackerOne's chief information security officer (CISO) and co-founder, confirmed that they fired the accused employee 24 hours after discovering his offense.

For those unfamiliar with HackerOne, it is a bug bounty platform used by various government departments, as well as giant businesses and companies, to manage their bug bounties.

HackerOne Employee Fired After Leaking Security Bug Reports!

According to ZDNet's latest report, the fired HackerOne employee accessed the platform's bug reports at some point between Apr. 4 and June 22.

HackerOne Employee Fired After Leaking Security Bug Reports! Here's Why His Action is Illegal
A particpant checks a circuit board next to an oscilloscope on the first day of the 28th Chaos Communication Congress (28C3) - Behind Enemy Lines computer hacker conference on December 27, 2011 in Berlin, Germany. The Chaos Computer Club is Europe's biggest network of computer hackers and its annual congress draws up to 3,000 participants. Photo by Adam Berry/Getty Images

The company identified this activity after a customer asked them to investigate a suspicious vulnerability disclosure.

The consumer, who was not named, said accused the employee of sharing HackerOne's bug bounty records outside the platform's reach.

"The submitter of this off-platform disclosure reportedly used intimidating language in communication with our customer," said CISO Evans via his official blog post.

He added that the details disclosed by the former employee to the complainant were already submitted to the HackerOne platform.

To make this scenario easier to understand, the terminated staff seems to be double-dipping. This means he is trying to benefit from different revenue sources using a single work, which is illegal.

Why Is It Illegal?

Evans explained that the dismissed HackerOne staff accessed and used the platform's security bug reports to claim additional bounties from companies and businesses.

Of course, this is an unethical way to earn revenue if you are working for a bug bounty company. Evans added that the ex-employee already wrongfully received bounties after conducting various disclosures outside HackerOne.

If you want to see further details about HackerOne's latest investigation, you can click this link.

Previously, the Sandworm hackers resurfaced after half a decade.

On the other hand, experts warned about Chinese hackers that are using VLC media players to spread their computer viruses.

For more news updates about security threats and other related topics, keep your tabs open here at TechTimes.

This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics