Skip to main content

Some ethical hackers are making huge amounts of cash

Broadly speaking, hackers come in two flavors. Those who are out to exploit a computer system and cause havoc for its operator and people who use it, and those who search for vulnerabilities in a system and then inform the operator in exchange for a cash reward.

The latter can make some serious dough from their work, too, with the top ones able to earn millions of dollars in the space of a single year.

Recommended Videos

HackerOne is a Silicon Valley-based company that partners with the global hacker community to track down security issues for its clients — via so-called “bug bounty programs” — before the vulnerabilities can be exploited by criminals.

A growing number of companies big and small are working with HackerOne to launch bug bounty programs so that flaws can be identified and fixed, thereby removing them as a potential threat to their business.

In its latest annual Hacker Report, HackerOne reveals just how well some ethical hackers have been doing.

In the last year alone, ethical hackers earned a staggering $40 million through the reporting of vulnerabilities to programs run by HackerOne, a huge increase from the $19 million earned in 2019. Nine hackers have earned over $1 million dollars on the platform since 2019, and one hacker passed the $2 million mark in 2020.

More and more ethical hackers from all over the world are signing up to bug bounty programs, with HackerOne having seen a 63% increase in the number of hackers reporting flaws in the last year alone. The company now has more than a million investigators on its books.

In May 2020, HackerOne reached the milestone of $100 million paid to hackers for vulnerability reports, of which 50,000 were made in the last year, with the company forecasting that hackers will earn a total of $1 billion in bug bounties within five years.

Payments for reported vulnerabilities can vary hugely as they depend largely on how dangerous the bug could be to a firm’s computer systems and overall operations if it were to be exploited by hackers with nefarious intentions.

For an example of how payment systems function with bug bounty programs, we can look at one operated by Sony that invites ethical hackers to search for vulnerabilities on its PlayStation platform.

According to data from 2020, payouts start at $100 for a low-rated vulnerability discovered on Sony’s gaming platform, with more valuable tiers offering minimum payments of $400, $1,000, and $3,000.

Discover a low-rated vulnerability on the PlayStation 4, for example, and you should receive a minimum of $500, with higher rewards worth a minimum of $2,500 and $10,000. The most critical vulnerabilities, meanwhile, will result in a payment of at least $50,000.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hacking-as-a-service lets hackers steal your data for just $10
A depiction of a hacker breaking into a system via the use of code.

A new (and cheap) service that offers hackers a straightforward method to set up a base where they manage and perform their cyber crimes has been discovered -- and it’s gaining traction.

As reported by Bleeping Computer, security researchers unearthed a program called Dark Utilities, effectively providing a command and control (C2) center.

Read more
Hacker steals 1 billion people’s records in unprecedented data breach
A depiction of a hacker breaking into a system via the use of code.

An anonymous hacker has stated that he has successfully infiltrated the Shanghai police department’s database. In doing so, he apparently extracted personal information of a staggering one billion Chinese citizens.

The individual, 'ChinaDan', took sole responsibility for the data breach. As reported by Reuters and PCMag, he detailed the incident on hacker forum Breach Forums.

Read more
Hackers targeted AMD to steal huge 450GB of top-secret data
A depiction of a hacker breaking into a system via the use of code.

A data extortion group known as RansomHouse has asserted that it has stolen upwards of 450GB of sensitive data from AMD.

Team Red has since confirmed that it launched an investigation into the matter after the situation came to light.

Read more