Security News > 2022 > July > Rogue HackerOne employee steals bug reports to sell on the side
A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards.
The rogue worker had contacted about half a dozen HackerOne customers and collected bounties "In a handful of disclosures," the company said on Friday.
HackerOne is a platform for coordinating vulnerability disclosures and intermediating monetary rewards for the bug hunter submitting the security reports.
On June 22, HackerOne responded to a customer request to investigate a suspicious vulnerability disclosure through an off-platform communication channel from someone using the handle "Rzlr."
"The threat actor created a HackerOne sockpuppet account and had received bounties in a handful of disclosures. After identifying these bounties as likely improper, HackerOne reached out to the relevant payment providers, who worked cooperatively with us to provide additional information" - HackerOne.
For the next few days, HackerOne did remote forensics imaging and analysis of the suspect's computer and completed reviewing the data access logs for that employee for the duration of the employment to determine all bug bounty programs the threat actor interacted with.