A security researcher has earned a $50,000 bug bounty after discovering a vulnerability in a popular e-commerce platform.
The issue centred on a GitHub access token he found while reverse-engineering a Mac desktop application.
The token gave wide-ranging access to the company’s private GitHub repositories, which would have allowed an attacker to write malicious code to them and to access sensitive information.
The case is a reminder for developers to check regularly for malicious code and vulnerabilities, and it also offers tips for those looking to discover bugs and earn bounties.
It also highlights the importance of having measures in place to detect bugs and take immediate action before damage is done, as well as having a streamlined bounty payment process.