HackerOne, a vulnerability coordination and bug bounty platform, announced that a former employee had used their access to sensitive information about clients' vulnerabilities to turn a quick profit.

The unnamed individual’s system access was terminated just 24 hours after a tip-off from a customer revealed that the employee had “improperly accessed information in clear violation of our values, our culture, our policies, and our employment contracts.”

The employee appeared to have contacted seven customers between April 4 and June 23, 2022, in an attempt to make extra money off resubmitted vulnerability disclosures.

The firm closed the employee’s accounts, terminated their employment, and is currently debating criminal prosecution.

The former HackerOne employee, who went by the handle “rzlr” in communications with customers, is said to have used “intimidating” language with them when anonymously disclosing vulnerabilities that had already been found and disclosed.

A study last year found that a third (33%) of reported data breaches involved someone with authorized access to the impacted data, although in most cases, this led to unintentional data loss rather than deliberately malicious activity.

The post HackerOne Insider Defrauded Customers appeared first on IT Security Guru.

