Ethical Hackers Reported 835 Vulnerabilities, Earned $450K in 2023


HackerOne’s 2023 bug bounty data, acquired by Surfshark, a VPN service provider, reveals the crucial role of ethical hackers in safeguarding top government organizations like the US Department of Defense and private companies such as LinkedIn.

A study by Surfshark, a VPN service provider, has revealed that ethical hackers, or white hat hackers, played a vital role in improving cybersecurity in 2023 by identifying 835 vulnerabilities across 105 websites. Their efforts not only secured these platforms but also generated €417,000 ($450,000) in earnings through bug bounty programs. 

The study is based on data from the HackerOne bug bounty program, which connects security researchers with organizations to detect and disclose vulnerabilities. The HackerOne repository collected data on security vulnerability reports in 2023, aggregating it by company, type of vulnerability, and bounty size. The data was acquired by Surfshark in January 2024.

According to the report, in 2023, 835 vulnerability reports were submitted by 93 ethical hackers, with 96 cases reported in the HackerOne repository. The US Department of Defense reported the most security vulnerabilities in 2023, with 96 reports or 10% of all reports. Two server issues were attributed to website misconfigurations. The flaws allowed users to alter privileges, upload files, and remove accounts.

LinkedIn received 28 security vulnerability reports, ranking as the fifth most frequently reported platform. Two critical cases involved improper information disclosure and a major data breach in 2023 involving the exposure of 500 million users’ personal information.

Surfshark’s research team head, Agneska Sablovskaja, emphasizes the importance of “partnerships between companies and ethical hackers” to address software vulnerabilities, as complex platforms “with millions of lines of codes” may leave flaws behind.

The study highlights the growing importance of ethical hacking as a tool for enhancing online security. Surfshark’s Cyber Security Lead Aleksandr Valentij urges users to download software updates, as vulnerabilities become more dangerous once public.

Cyberattacks are becoming more sophisticated, necessitating collaboration between organizations and ethical hackers. As bug bounty programs expand, more vulnerabilities will be discovered, promoting a safer online environment.
