Bug bounty firm HackerOne suffers ‘sloppy cut-and-paste’ breach

Eva Short reports:

… in an ironic turn of fortunes for the firm, HackerOne has now paid out a $20,000 bounty for the identification of a bug on its own platform.

The hacker in question, user ‘haxta4ok00’, had been communicating with one of HackerOne’s security analysts last month. Throughout the course of the conversation, the analyst inadvertently copied and pasted a valid session cookie that gave anyone with access to it the ability to read and partially modify any data that the analyst themselves could see.

Read more on Silicon Republic.
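The incident above is a leak of live session material through an ordinary paste. One practical control on the support or chat side is a pre-send scrubber that recognises pasted HTTP headers carrying cookies or bearer tokens and redacts them before the message leaves the analyst's client, while leaving harmless headers and non-session cookies readable. The block below is an added Python example written for this page, not code from HackerOne, from the Silicon Republic report, or from any real chat tool; the sample paste, the header values, and the cookie-name heuristic are constructed assumptions.

```python
import re

# Constructed sample of what an analyst might paste into a chat while
# discussing a reproduction. This is NOT the real HackerOne conversation;
# every value here is made up.
SAMPLE_PASTE = """Here's the request I used to reproduce:
GET /reports/12345 HTTP/1.1
Host: example.invalid
Cookie: __Host-session=s3cr3tSessionValue123; theme=dark
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.signature
User-Agent: curl/8.0
"""

# Headers whose values are credentials. Lower-cased for matching.
SENSITIVE_HEADERS = ("cookie", "set-cookie", "authorization", "x-csrf-token")

# Heuristic (an assumption, not any platform's real cookie names): a cookie
# whose name contains one of these substrings is treated as session material.
SESSION_COOKIE_HINTS = ("session", "sess", "sid", "token", "auth")

# A pasted header line: "Name: value". Prose lines with apostrophes or spaces
# before the colon do not match, so ordinary chat text passes through.
HEADER_RE = re.compile(r"^(?P<name>[A-Za-z0-9-]+):\s*(?P<value>.+)$")


def scrub_session_material(text):
    """Redact session cookies and auth headers from pasted text.

    Returns (redacted_text, findings). findings is a list of
    (header_name, detail): for Cookie/Set-Cookie, detail is the name of the
    cookie that was redacted; for other sensitive headers it is the first
    eight characters of the value, enough to log what kind of secret leaked
    without re-recording the secret itself.
    """
    out_lines, findings = [], []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if not m or m.group("name").lower() not in SENSITIVE_HEADERS:
            out_lines.append(line)          # not a sensitive header: keep as-is
            continue
        name, value = m.group("name"), m.group("value")
        if name.lower() in ("cookie", "set-cookie"):
            # Redact only session-looking cookies; keep e.g. theme=dark
            # and Set-Cookie attributes such as Path=/ or HttpOnly.
            kept = []
            for pair in value.split(";"):
                ck, _, _cv = pair.strip().partition("=")
                if any(h in ck.lower() for h in SESSION_COOKIE_HINTS):
                    findings.append((name, ck))
                    kept.append(f"{ck}=<REDACTED>")
                else:
                    kept.append(pair.strip())
            out_lines.append(f"{name}: " + "; ".join(kept))
        else:
            # Authorization and similar: the whole value is the secret.
            findings.append((name, value[:8]))
            out_lines.append(f"{name}: <REDACTED>")
    return "\n".join(out_lines), findings


if __name__ == "__main__":
    redacted, found = scrub_session_material(SAMPLE_PASTE)
    print(redacted)
    for header, detail in found:
        print(f"redacted {header} ({detail})")
```

A scrubber like this only reduces the chance of a paste going out intact; it does not shorten the window in which an already-leaked cookie is valid. Pair it with server-side measures (short session lifetimes, re-authentication for sensitive actions, and invalidating a session the moment its cookie is seen in an outbound message) rather than relying on client-side redaction alone.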

About the author: Dissent
