Cybersecurity: Hackers earn millions of dollars by discovering security holes in software

Hackers earned a record $40 million (£28 million) in 2020 by reporting software vulnerabilities through a leading reporting service in return for rewards.

HackerOne said that nine hackers earned more than $1 million after affected organizations were informed of their findings.

The total earnings of a Romanian man, who began hunting for software flaws two years ago, exceeded $2 million. One of the UK's highest earners was a hacker who made $370,000 last year.

The platform concluded that the pandemic gave volunteers more time to pursue this work.

A survey organized by HackerOne indicated that 38 percent of respondents have spent more time on hacking since the start of the Covid-19 outbreak.


Many of the respondents work part-time and are located in dozens of different countries, including the United States, Argentina, China, India, Nigeria, and Egypt.


The amount of money given to a hacker depends on the severity of the discovered security vulnerability, and can range from less than $140 to a much higher amount.

HackerOne, which is based in California, charges a subscription fee to the companies that use its platform.

Katie Paxton-Fear, a British lecturer at the University of Manchester, says she hunts for security vulnerabilities in her spare time.

She goes on to say that although making money is a good thing, it is not a get-rich-quick business.

“I earned about 12,000 pounds in 12 months,” she said.

“I remember discovering the vulnerability for the first time. I was in awe and trembling, and realized that what I had done was a wonderful thing. I saved people from a very big security hole.”

“I don’t just use my time to try to win a prize. I actively help secure the applications I use, which is why this poses a challenge that is marred by the desire to do something good,” she said.

Another platform, the French-based YesWeHack, said that the 22,000 hackers working for it discovered twice as many security vulnerabilities in 2020 as in the previous year.

This platform did not publish the numbers related to the monetary rewards that were made through its service.

“Given the new risks and the importance of cybersecurity that helps companies overcome economic difficulties, an increasing number of senior security officials have resorted to securing information by awarding bonuses to those who discover a security vulnerability,” said Guillaume Vassault-Houlière, chief executive officer of the company.

Another company, an information security platform called Bugcrowd, said it had seen a 50 percent increase in content exposure on its platform over the past 12 months.

Grant rewards

Commercial programs that specialize in rewarding those who discover security vulnerabilities have gained popularity over the last five years, but some experts believe the system has flaws of its own if it is relied upon too much.

Victor Gevers, an internet security researcher who runs the GDI Foundation in the Netherlands, which is responsible for discovering vulnerabilities, said he had never accepted money for what he was doing.

“We do not participate in the rewards for those who discover a security vulnerability, because they are sometimes very narrow in scope and provide researchers only permission to search for security holes in some parts of the system,” he added.

“We want to be able to ethically search for loopholes where we think they exist, and to preserve our independence,” he said.

“But for junior researchers or students in Internet security matters, these commercial platforms that offer rewards to those who find a security vulnerability are great because they provide the user with a lot of protection, resources and are an ideal place to start,” he concluded.
