
An employee of a vulnerability-finding service blackmailed customers with the bugs found

  • July 6, 2022

The criminal worked for the company for only a few months – from April 4, 2022. During this time, he managed to contact seven customers, informing them about the vulnerabilities found in their products and demanding money.

What is known

  • The strange activity became known on June 22, when one of HackerOne's customers contacted the company. The customer had been told about a vulnerability outside the platform by a person using the alias “rzlr”, and noticed that a report about the same bug had already been submitted via HackerOne.
  • While multiple researchers do sometimes discover the same bug at the same time, in this case the report on HackerOne and the scammer’s report had obvious similarities that prompted the company to investigate.
  • It turned out that one of the employees had had access to the platform for more than two months and was blackmailing customers with vulnerabilities that had already been discovered.
  • He managed to get a “reward” for some of the stolen bug reports, which allowed HackerOne to trace the money and identify the culprit as one of its employees.
  • Further analysis of the network traffic revealed additional evidence linking the fake account to the main working account.
  • Less than a day after the investigation began, the platform identified the attacker, removed him from the system, and remotely locked his laptop until further investigation.
  • Over the next few days, HackerOne experts performed a remote analysis of the suspect’s computer and reviewed the employee’s access logs during his work to identify any security probes he had interacted with.
  • As a result, on June 30, 2022, the scammer was fired.

After reviewing the matter with the lawyers, we will decide whether it is appropriate to file a criminal complaint in this situation. As we continue to review logs and devices used by the former employee,
– the company says.

HackerOne officials say the scammer used “threatening” and “intimidating” language when communicating with their victims.

Source: 24 Tv
