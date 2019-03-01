HackerOne,
the leading hacker-powered security platform, announced today that bug
bounty hacker @try_to_hack
is the first to surpass $1 million in bounty awards for helping
companies become more secure. A bug bounty is an award given to a hacker
who reports a valid security weakness to an organization. Santiago Lopez
started reporting security weaknesses to companies through bug bounty
programs in 2015 on HackerOne. Lopez — who goes by the handle
@try_to_hack — has reported over 1,600 security flaws to companies
including Twitter
and Verizon
Media Company, as well as private corporate and government
initiatives.
“I do not have enough words to describe how happy I am to become the
first hacker to reach this landmark,” said Lopez. “I am incredibly proud
to see that my work is recognized and valued. To me, this achievement
represents that companies and the people that trust them are becoming
more secure than they were before, and that is incredible. This is what
motivates me to continue to push myself and inspires me to get my
hacking to the next level.”
Lopez is a top ranked all time hacker on HackerOne’s leaderboard out of
more than three hundred and thirty thousand hackers competing for the
top spot. Hackers are invited to find weaknesses in the more than 1,200
technology companies, governments and enterprises that rely on
HackerOne’s hacker community to safely report security vulnerabilities
before they can be exploited by criminals. His specialty is finding
Insecure Direct Object Reference (IDOR) vulnerabilities.
Like many hackers, Lopez is self-taught. He was first inspired to get
started after seeing the movie Hackers and learned to hack by
watching free online tutorials and reading popular blogs. In 2015, at
16-years-old, he signed up for HackerOne and earned his first bounty of
$50 months later. He chose his alias "try_to_hack" to keep himself
motivated — he was determined to try to hack companies regardless of
whether he knew he could succeed. He keeps the name today to remind him
of how he started as a bug bounty hacker. Over the past three years of
hacking after school and now full-time, he has earned nearly forty times
the average software engineer salary in Buenos Aires on bug bounties
alone.
“The entire HackerOne community stands in awe of Santiago's work,” said
HackerOne CEO Marten Mickos. “Curious, self-taught and creative,
Santiago is a role model for hundreds of thousands of aspiring hackers
around the world. The hacker community is the most powerful defense we
have against cyber crime. This is a fantastic milestone for Santiago but
still much greater are the improvements in security that companies have
achieved and keep achieving thanks to Santiago's relentless work."
Lopez was not alone in the race towards this bug bounty landmark. Days
after Lopez surpassed $1 million in bounty awards, Mark Litchfield —
also known by his handle @mlitchfield — joined the ranks of the million
dollar bug bounty hacker club. In 2016, Litchfield made history as the
first hacker to earn over $500,000 in bug bounties. To date, Litchfield
has helped organizations including New Relic, Dropbox, Venmo, Yelp,
Rockstar Games, Shopify and Starbucks resolve more nearly 900 security
weaknesses.
For more on Santiago Lopez’s journey to becoming the top earning hacker
on HackerOne, read the latest Q&A with him here. To get involved and
start hacking, HackerOne is now offering Hacker101
— a free collection of videos, resources, and hands-on activities that
will teach everything needed to operate as a bug bounty hunter. To join
the world’s largest hacker community who, in 2018 alone, earned more
than $19M in bounty awards for their contributions, sign up for
HackerOne here.
About HackerOne
HackerOne is the #1 hacker-powered
security platform, helping organizations find and fix critical
vulnerabilities before they can be exploited. More Fortune 500 and
Forbes Global 1000 companies trust HackerOne than any other
hacker-powered security alternative. The U.S. Department of Defense,
General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic
Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination
Center and over 1,200 other organizations have partnered with HackerOne
to find over 100,000 vulnerabilities and award over $45M in bug
bounties. HackerOne is headquartered in San Francisco with offices
in London, New York, the Netherlands, and Singapore.
View source version on businesswire.com: https://www.businesswire.com/news/home/20190301005093/en/