hackerone | Breaking Cybersecurity News | The Hacker News

Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," it  said . "In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data." The employee, who had access to HackerOne systems between April 4 and June 23, 2022, for triaging vulnerability disclosures associated with different customer programs, has since been terminated by the San Francisco-headquartered company as of June 30. Calling the incident as a "clear violation" of its values, culture, policies, and employment contracts, HackerOne said it was alerted to the breach on June 22 by an unnamed customer, which asked it to "investigate a suspicious vulnerabi...

Last year, Uber received an email from an anonymous person demanding money in exchange for the stolen user database. It turns out that a 20-year-old Florida man, with the help of another, breached Uber's system last year and was paid a huge amount by the company to destroy the data and keep the incident secret. Just last week, Uber announced that a massive data breach in October 2016 exposed personal data of 57 million customers and drivers and that it paid two hackers $100,000 in ransom to destroy the information. However, the ride-hailing company did not disclose identities or any information about the hackers or how it paid them. Now, two unknown sources familiar with the incident have told Reuters that Uber paid a Florida man through HackerOne platform, a service that helps companies to host their bug bounty and vulnerability disclosure program. So far, the identity of the Florida man was unable to be obtained or another person who helped him carry out the hack. ...

The " Hack the Pentagon " bug bounty program by the United States Department of Defense (DoD) has been successful with more than 100 vulnerabilities uncovered by white hat hackers in Pentagon infrastructure. In March, the Defense Department launched what it calls " the first cyber Bug Bounty Program in the history of the federal government, " inviting hackers to take up the challenge of finding bugs in its networks and public faced websites that are registered under DoD. Around 1,400 whitehat (ethical) hackers participated in the Hack the Pentagon program and were awarded up to $15,000 for disclosures of the most destructive vulnerabilities in DoDs networks, Defense Secretary Ashton Carter said at a technology forum on Friday. "They are helping us to be more secure at a fraction of the cost," Carter said . "And in a way that enlists the brilliance of the white hatters, rather than waits to learn the lessons of the black hatters." ...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...