Runa Sandvik appreciates the investigation report of HackerOne on Twitter

A former senior director of the New York Times, Runa Sandvik takes on Twitter to praise the report of  HackerOne on Saturday.

She tweeted, “A HackerOne employee accessed vulnerability data of customers, then re-submitted the security issues to the same customers for personal gain. Interesting report by @Hacker0x01 on the incident and investigation”.

A HackerOne employee accessed vulnerability data of customers, then re-submitted the security issues to the same customers for personal gain. Interesting report by @Hacker0x01 on the incident and investigation. https://t.co/9Zv1meuqiZ

— Runa Sandvik (@runasand) July 1, 2022

The investigation was related to an employee who was unfaithful to the company as he accessed security reports for personal gain.

On 22 June 2022, HackerOne started this investigation after a customer asked them to investigate the reports of an intimidating and suspicious off-platform communication from an actor by the handle of “rzlr”.

As per the investigation done by HackerOne, they have found out that their employee as inappropriately accessed the vulnerability data of customers to resubmit duplicate vulnerabilities to those same customers for personal gain.

The employee was anonymously disclosing this vulnerability data outside the HackerOne platform with the motive of claiming additional bounties.

The company feels sorrow as it was a violation of their values, culture, policies, and employment contracts.

Within 24 hours, they focused on this incident by identifying the then employee and cutting off access to personal data. Since then, they have terminated the employee and further consolidated the defenses to avoid such adversities in the future.

The threat actor had access to the data of HackerOne systems between 4 April and 23 June.