Six hackers have broken the bug bounty records, with each making seven figures on HackerOne. In a report published today, HackerOne, the top bug bounty platform, announced that almost five thousand bugs have been found thanks to these hackers.
The streak first started with Santiago Lopez (@try_to_hack), a 19-year-old Argentinian who crossed the $1 million bounty threshold in March. Now, Mark Litchfield (@mlitchfield) from the UK, Frans Rosen (@fransrosen) from Sweden, Nathaniel Wakelam (@nnwakelam) from Australia, Ron Chan (@ngalog) from Hong Kong, and Tommy DeVoss (@dawgyg) from the US have joined Lopez to hit the seven figures mark on HackerOne.
HackerOne wrote that Santiago has reported nearly 2,000 valid unique vulnerabilities to companies like Verizon, Twitter, WordPress, and HackerOne. “He consistently tops the HackerOne leaderboards, reaching the 91st percentile for signal and 84th percentile for impact, which ranks him 2nd overall on the platform with a reputation score of over 45,000,” the company wrote.
“Hacking can open doors to anyone with a laptop and curiosity about how to break things,” Litchfield, who was the second to join the ranks of millionaire hackers on HackerOne, said. “I hope our achievements will encourage other hackers young and old to test their skills, become part of our supportive community, rake in some extra $$$’s along the way and make the internet a much safer place for people.”
Almost half a million people are part of the HackerOne community
Over 450,000 hackers are part of the HackerOne community. While six of them have finally hit the seven figure target, only seven more have hit $500,000 in lifetime earnings. This does seem like only a handful of them are able to take some pie of this lucrative industry, but HackerOne suggests that not everyone is part of this community for money.
“Submitted bug reports, personal interactions, and public HackerOne profile activity contribute meaningfully to hiring decisions – a practice encouraged and championed within HackerOne,” the company said, adding that “dozens of customers in the past year have hired hackers they met through their programs.”