Date: 2019-12-05

HAVE YOU EVER ASKED: who hacks the hackers? Well, it turns out to be the community of HackerOne, from which one intrepid hacker emerged to breach the bug bounty organisation.

Going by the handle of haxta4ok00, one member of the community exposed a vulnerability in HackerOne which gave them access to information relating to other programs running on the platform.

Given HackerOne is contracted to sniff out bugs in systems used by the likes of Goldman Sachs and Uber, the hacker could have glimpsed a whole treasure trove of data.

The hacker gained access to this data after a HackerOne member of staff cut and pasted a URL containing the staffer's session cookie details and shared it with a bug hunter. With that info, haxta4ok00 was able to view HackerOne records that only staff with logins should be able to see.
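One way to catch this kind of slip before a message leaves the building is to scrub session-bearing values from pasted text. The sketch below is an added example, not code from HackerOne or from the original article; the parameter-name pattern, the `scrub_text` helper and the sample message are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: substrings that mark a query parameter as session-bearing.
# Illustrative only; these are not HackerOne's real parameter names.
SENSITIVE = re.compile(r"(sess|sid|token|auth|cookie)", re.I)
URL_RE = re.compile(r"https?://[^\s'\"<>]+")
COOKIE_RE = re.compile(r"(?im)^(cookie:[ \t]*)(.+)$")
MASK = "REDACTED"

def scrub_url(url):
    """Mask sensitive query-string values in one URL; return (url, hits)."""
    parts = urlsplit(url)
    hits, clean = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SENSITIVE.search(name):
            hits.append(name)
            value = MASK
        clean.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(clean))), hits

def scrub_text(text):
    """Return (scrubbed_text, findings) for text about to be shared."""
    findings = []

    def fix_url(match):
        url, hits = scrub_url(match.group(0))
        findings.extend(f"url-param:{h}" for h in hits)
        # Leave untouched URLs byte-for-byte identical.
        return url if hits else match.group(0)

    def fix_cookie(match):
        # Conservative: every cookie value on a pasted Cookie header is masked.
        pairs = []
        for pair in match.group(2).split(";"):
            name = pair.split("=", 1)[0].strip()
            if name:
                findings.append(f"cookie:{name}")
                pairs.append(f"{name}={MASK}")
        return match.group(1) + "; ".join(pairs)

    text = URL_RE.sub(fix_url, text)
    text = COOKIE_RE.sub(fix_cookie, text)
    return text, findings

# Constructed sample, not the real message from the incident.
SAMPLE = ("Can you reproduce with this?\n"
          "https://app.example.test/reports/1?view=full&session_id=abc123DEF\n"
          "Cookie: __session=s3cr3tvalue; theme=dark\n")
```

A non-empty findings list is the signal to block or warn before the text is posted; the scrubbed text is what should be sent instead.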

So really, the hack was down to a bit of carelessness from a HackerOne worker. But as haxta4ok00 reported the bug through HackerOne's bug bounty programme, they got a reward of $20,000 (£15,224), which isn't a bad little earner.

However, the hacker did get a good dose of scrutiny from HackerOne, with a staffer asking the self-proclaimed white hat what they were doing so deep inside HackerOne's platform.

"We didn't find it necessary for you to have opened all the reports and pages in order to validate you had access to the account. Would you mind explaining why you did so to us? Thanks!" said HackerOne.

Haxta4ok00 retorted: "I did it to show the impact. I didn't mean any harm by it. I reported it to you at once. I was not sure that after the token substitution I would own all the rights.

"I apologise if I did anything wrong. But it was just a white hack."

While the whole thing looks a bit embarrassing for HackerOne, it does showcase that no organisation is immune to hacking, and even with the best security stuff in place, human error can still bork cybersecurity.