Bug bounty platform provider HackerOne disclosed on Tuesday that one of its own security analysts mistakenly sent a session cookie to a white-hat researcher on Nov. 24, allowing the researcher to take over the analyst’s account and access vulnerability reports on a number of companies. The researcher, known in the HackerOne community as haxta4ok00, promptly reported the error to the company and received his (or her) own bug bounty reward of $20,000 for doing so – but not before being questioned about viewing sensitive data belonging to HackerOne clients.
Source: SC Magazine