Companies are paying hackers millions to discover security flaws

The internet has long been plagued by hackers who, more often than not, are willing to commit crimes in order to get paid. Although there are a lot of malicious hackers out there, there are also ethical hackers, known as white-hat hackers, who have even been earning six-figure salaries by helping companies take care of vulnerabilities.

Paying millions to get hacked

Major tech companies such as Apple and Google have bounty programs, in which they pay those who find vulnerabilities to report them to the company instead of taking advantage of them. Depending on the exploit, payouts can be extremely high.

Tech companies that don’t have the resources of Google and Apple need to rely on alternatives. HackerOne, a San Francisco-based company described as a “vulnerability coordination and bug bounty platform,” has reportedly helped over 800 companies and paid over $16 million in bonuses to white-hat hackers.

According to the New York Post, even though the company was founded in 2012, most of the bounties were paid in the last two years, as only recently have companies become more aware of their own vulnerabilities and how damaging these can be.

Essentially, the company connects businesses with white-hat hackers, a win-win situation for both sides. Companies certainly prefer to pay hackers who will report back to them instead of being exploited by others. Hackers who want to get paid for their skills also benefit from the platform, as independently contacting companies to inform them about exploits often ends in threats of jail.

Over the years, HackerOne has managed to persuade some of the biggest companies out there, including Yahoo!, Uber, General Motors, Twitter, and even the US Department of Defense, to take advantage of its services.

Speaking to the New York Times, HackerOne co-founder and former Facebook product security guru, said:

“Every technology has vulnerabilities, and if you don’t have a public process for responsible hackers to report them, you are only going to find out about them through attacks in the black market.”

Past wake-up calls

Companies have been alerted by several recent wake-up calls that showed them just how badly certain vulnerabilities can compromise their operations. Back in 2015, for example, hackers managed to control a Jeep using a laptop miles away, while the driver was still in it. The event forced Chrysler to recall over a million vehicles.

Another wake-up call came when US security researcher Matt Jakubowski found that Mattel’s Wi-Fi-enabled Hello Barbie doll was vulnerable when connected to Wi-Fi. Hackers could gain direct access to the doll’s system information, stored audio files, and even the microphone. Even though the doll only listened to conversations when a button was being pressed and encrypted recorded audio before sending it over the internet, these features could then be overwritten by a hacker.

Speaking on the matter, HackerOne Chief Executive Marten Mickos said:

“It may sound silly, a doll, but it’s your child.”
