INSUBCONTINENT EXCLUSIVE:
The bug bounty platform HackerOne has paid a $20,000 bounty to an outside hacker after it accidentally gave them the ability to read and
modify some of its customers bug reports.It all began when the outsider, who is a HackerOne community member with a proven track record of
finding vulnerabilities, was communicating with one of the company's security analysts
The HackerOne analyst sent the user, who goes by the handle haxta4ok00, parts of a cURL command.However, the cURL command the analyst sent
mistakenly included a valid session cookie which could be used by anyone who possessed it to read and even partially modify all of the data
the analyst had access to.Luckily HackerOne was able to quickly revoke the session cookie just two hours after haxta4ok00 first reported the
incident.At this time, HackerOne is not saying just how much data was exposed by the security analyst's mistake
In a recently published incident report though, the company said that all affected customers have already been notified privately.The report
also revealed that the exposed data was limited to reports the security analyst had access to
However, the disclosure does not even provide any clues as to how many customers or how much data was affected
because it happened in the first place.Haxta4ok00 still received a bounty of $20,000 for his discovery while learning the valuable lesson
