$25,000 Bounty just for sensitive information disclosure
Summary
A bug on the HackerOne platform, which allows ethical hackers to discover and disclose vulnerabilities on behalf of companies, has exposed sensitive data.
A white-hat hacker discovered the flaw and was awarded a $25,000 bounty because the exposed information included internal data such as email addresses, phone numbers and authentication codes.
The vulnerability was caused by an error made during a recent upgrade of the platform, which left an endpoint open.
The endpoint should have been closed when the upgrade was completed, but it was missed, leaving the sensitive information exposed.
The issue has now been fixed, and the vulnerability patched.