Bug bounty firm HackerOne suffers ‘sloppy cut-and-paste’ breach
Eva Short reports:
… in an ironic turn of fortunes for the firm, HackerOne has now paid out a $20,000 bounty for the identification of a bug on its own platform.
The hacker in question, user ‘haxta4ok00’, had been communicating with one of HackerOne’s security analysts last month. Throughout the course of the conversation, the analyst inadvertently copied and pasted a valid session cookie that gave anyone with access to it the ability to read and partially modify any data that the analyst themselves could see.
Read more on Silicon Republic.