Digital Media Net - Your Gateway To Digital media Creation. News and information on Digital Video, VR, Animation, Visual Effects, Mac Based media. Post Production, CAD, Sound and Music
Categories: News

Six Hackers Break Bug Bounty Record, Earning Over $1 Million Each on HackerOne

Bounty awards increased 65% on average as a quarter of all vulnerabilities reported are being classified as high to critical severity

SAN FRANCISCO–(BUSINESS WIRE)–HackerOne, the number one hacker-powered pentesting and bug bounty platform, today announced that six individual hackers have earned over one million dollars each from hacking. A bounty — or bug bounty — is a monetary award given to a hacker who finds and reports a valid security weakness to an organization so it can be safely resolved. Thanks to these six hackers five thousand unique security flaws have been fixed, protecting millions of people.

In March 2019, HackerOne announced that Santiago Lopez, known as @try_to_hack, a 19-year-old hacker from Argentina, was the world’s first hacker to earn $1 million with bug bounty programs. Now, Mark Litchfield (@mlitchfield) from the U.K., Nathaniel Wakelam (@nnwakelam) from Australia, Frans Rosen (@fransrosen) from Sweden, Ron Chan (@ngalog) from Hong Kong, and Tommy DeVoss (@dawgyg) from the U.S. joined the $1M hacker ranks by hacking for improved internet security.

“I am incredibly proud to see that my work is recognized and valued,” said 19 year old @try_to_hack, the world’s first hacker to earn $1M. “Not because of the money, but because this achievement represents the information of companies and people being more secure than they were before, and that is incredible.”

The news is underscored by findings published today in HackerOne’s 2019 Hacker-Powered Security Report which demonstrates the momentum observed in the industry. The report is based on 123,000+ unique resolved security vulnerabilities, 1,400+ customer programs and more than $62 million in bounties earned by hackers from over 150 countries. Today, six of the ten top banks in North America are working with HackerOne.

“Bug bounties have given me opportunities I never could have predicted going into it,” said @nnwakelam. “When I first started, the industry was in its infancy. Only a handful of companies invited hackers to find and share vulnerabilities. Six years later – the space has changed dramatically. Bug bounties have given me the flexibility to work from anywhere in the world, forged connections with people within an industry that I respect, created a secondary income stream within my own life, and allowed me the opportunity to branch out and pursue other business ventures. I’m grateful to be one of the first people to make it to this milestone alongside my peers, and I urge anyone who is interested in pursuing this to recognize that the first step is starting – the opportunities are there if you want to take them.”

Every five minutes, a hacker reports a vulnerability. Every 60 seconds, a hacker partners with an organization on HackerOne. That’s more than 1,000 interactions per day with hackers and companies or governments working towards a safer internet.

“I joined the wrong chat room when I was around 10 years old,” said hacker @dawgyg. “When I discovered bug bounty programs about 20 years later, I was finally able to use my curiosity for breaking things and standing up for what I believe in the name of defending organizations I believe in. Hitting that $1 million dollar milestone is a huge accomplishment and it feels amazing to know that the other five hackers and I have had such a huge impact. I hope our achievements will encourage other hackers to test their skills, become part of our supportive community and make the internet a much safer place.”

The opportunities for hackers to earn big has never been greater. The report also revealed hackers are finding more severe vulnerabilities than ever before. Twenty-five percent of all resolved vulnerabilities were classified as high to critical severity in the past year alone. As a result, bounty payments are rising. The average bounty paid for critical vulnerabilities increased 48% over last year’s average across all industries to $3,384; up from $2,281. A 71% increase over the 2016 average of $1,977. The most competitive programs today like Google, Microsoft, Apple and Intel offer individual bounty awards as high as $1,500,000 for critical issues.

“Hacking can open doors to anyone with a laptop and curiosity about how to break things,” said @mlitchfield. “I hope our achievements will encourage other hackers, young and old, to test their skills, become part of our supportive community, rake in some extra $$$’s along the way and make the internet a much safer place for people.”

In total, hackers earned $21 million in the past year, an increase of $10 million over the year prior. Typically, hackers from the U.S., India, and Russia dominate earnings, collectively pulling in 36% of the total value of awarded bounties globally. However, the presence of Argentinian, Swedish, Australian and Hong Kong hackers in the top six earners demonstrates the global opportunities available. A top earning hacker on HackerOne can earn 40.6x the annual median wage in Argentina and, in Sweden, a hacker can earn 6.3x the annual median wage of the country.

“When I first started hacking, I did not expect to ever make it on the leaderboard,” said @ngalog. “I saw names like ‘Frans’ and ‘Mark’ shining on top of the leaderboard week after week, never thinking I’d be able to meet them or work with them, let alone compete with them, which is awesome. It was a great moment to hit that $1 million dollar milestone and be in such great company with the five others.”

The six millionaires came together with HackerOne and 100 fellow hackers in Las Vegas earlier this month for a live hacking event in Las Vegas — H1-702. Hackers earned $1,902,668 for reporting over 1,000 security flaws in three days, evidence of rapid growth for professional hackers.

The most authoritative report on the hacker-powered security ecosystem.

Data included throughout is from The 2019 Hacker-Powered Security Report released today by HackerOne.

The full report is available at https://www.hackerone.com/resources/hacker-powered-security-report-2019.

About HackerOne

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Microsoft, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,500 other organizations have partnered with HackerOne to find over 130,000 vulnerabilities and award over $64M in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, France and Singapore.

Contacts

Samantha Spielman

press@hackerone.com

Staff

Recent Posts

TFS Financial Corporation Posts Strong First Quarter Results

CLEVELAND--(BUSINESS WIRE)--TFS Financial Corporation (NASDAQ: TFSL) (the "Company"), the holding company for Third Federal Savings…

2 hours ago

Shake Shack to Announce Fourth Quarter 2022 Financial Results on February 16, 2023

NEW YORK--(BUSINESS WIRE)--Shake Shack Inc. (“Shake Shack” or the “Company”) (NYSE: SHAK), will release fourth…

2 hours ago

WWE® Announces Time Change for Reporting of Fourth Quarter and Full Year 2022 Results

STAMFORD, Conn.--(BUSINESS WIRE)--WWE (NYSE: WWE) announced that it is changing the time of its conference…

2 hours ago

Analog Way to Exhibit Most Powerful Live Presentation Capabilities at ISE 2023

Analog Way will present their latest and most advanced offering of presentation systems and media…

7 hours ago

Idexo and Swords of Blood Announce Hosted NFT Lootbox Sale Taking Place on Wednesday, February 1, 2023

LONDON and SAN FRANCISCO, Jan. 26, 2023 /PRNewswire/ -- Idexo and Swords of Blood are…

8 hours ago

El-Hi Textbooks & Serials in Print, 2023 Edition – Access to Over 195,000 Titles from Over 17,000 U.S. Publishers – ResearchAndMarkets.com

DUBLIN--(BUSINESS WIRE)--The "El-Hi Textbooks & Serials in Print 2023 Edition" book has been added to…

8 hours ago