A former employee of HackerOne accessed the company's internal documents for personal financial gain.
He obtained information from security reports submitted to the bug bounty platform and attempted to disclose the same vulnerabilities outside of the platform.
The company contained the incident in under 24 hours, identifying the then-employee and cutting off his access to data, after a suspicious customer received duplicate bug reports and complained.
TPRM report: https://scoringcyber.rankiteo.com/company/hackerone
"id": "hac1486722",
"linkid": "hackerone",
"type": "Breach",
"date": "07/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Cybersecurity',
'name': 'HackerOne',
'type': 'Company'}],
'attack_vector': 'Insider Threat',
'data_breach': {'type_of_data_compromised': ['Security Reports',
'Bug Reports']},
'description': 'A former employee of HackerOne accessed internal data '
'documents of the company for personal financial gain. He '
'obtained information from security reports submitted to the '
'bug bounty platform and attempted to disclose the same '
'vulnerabilities outside of the platform. In under 24 hours, '
'the company worked quickly to contain the incident by '
'identifying the then-employee and cutting off his access to '
'data after a suspicious customer received duplicated bug '
'reports and raised complaints.',
'impact': {'customer_complaints': 'Yes',
'data_compromised': ['Security Reports', 'Bug Reports']},
'motivation': 'Personal Financial Gain',
'response': {'containment_measures': ['Identifying the employee',
'Cutting off access to data']},
'threat_actor': 'Former Employee',
'title': 'HackerOne Internal Data Breach by Former Employee',
'type': 'Data Breach',
'vulnerability_exploited': 'Internal Access'}