Vulnerability disclosures stolen by HackerOne employee

Major bug bounty platform HackerOne announced that it has identified and terminated an employee who stole and disclosed vulnerability information outside the platform to gain additional bounties, according to The Hacker News. HackerOne systems have been improperly accessed by the employee from April 4 to June 23, with the breach notified to the platform by an unnamed customer that requested an investigation on a "suspicious vulnerability disclosure" on June 22. Such disclosure was made by an individual using the "rzlr" handle on an off-platform communication. The insider was then discovered by HackerOne after analyzing internal log data, which found that the former employee had communicated with seven of its customers regarding vulnerabilities. "The threat actor created a HackerOne sockpuppet account and had received bounties in a handful of disclosures... Following the money trail, we received confirmation that the threat actor's bounty was linked to an account that financially benefited a then-HackerOne employee. Analysis of the threat actor's network traffic provided supplemental evidence connecting the threat actor's primary and sockpuppet accounts," said HackerOne.