Skip to main content

Some ethical hackers are making huge amounts of cash

Broadly speaking, hackers come in two flavors. Those who are out to exploit a computer system and cause havoc for its operator and people who use it, and those who search for vulnerabilities in a system and then inform the operator in exchange for a cash reward.

The latter can make some serious dough from their work, too, with the top ones able to earn millions of dollars in the space of a single year.

HackerOne is a Silicon Valley-based company that partners with the global hacker community to track down security issues for its clients — via so-called “bug bounty programs” — before the vulnerabilities can be exploited by criminals.

A growing number of companies big and small are working with HackerOne to launch bug bounty programs so that flaws can be identified and fixed, thereby removing them as a potential threat to their business.

In its latest annual Hacker Report, HackerOne reveals just how well some ethical hackers have been doing.

In the last year alone, ethical hackers earned a staggering $40 million through the reporting of vulnerabilities to programs run by HackerOne, a huge increase from the $19 million earned in 2019. Nine hackers have earned over $1 million dollars on the platform since 2019, and one hacker passed the $2 million mark in 2020.

More and more ethical hackers from all over the world are signing up to bug bounty programs, with HackerOne having seen a 63% increase in the number of hackers reporting flaws in the last year alone. The company now has more than a million investigators on its books.

In May 2020, HackerOne reached the milestone of $100 million paid to hackers for vulnerability reports, of which 50,000 were made in the last year, with the company forecasting that hackers will earn a total of $1 billion in bug bounties within five years.

Payments for reported vulnerabilities can vary hugely as they depend largely on how dangerous the bug could be to a firm’s computer systems and overall operations if it were to be exploited by hackers with nefarious intentions.

For an example of how payment systems function with bug bounty programs, we can look at one operated by Sony that invites ethical hackers to search for vulnerabilities on its PlayStation platform.

According to data from 2020, payouts start at $100 for a low-rated vulnerability discovered on Sony’s gaming platform, with more valuable tiers offering minimum payments of $400, $1,000, and $3,000.

Discover a low-rated vulnerability on the PlayStation 4, for example, and you should receive a minimum of $500, with higher rewards worth a minimum of $2,500 and $10,000. The most critical vulnerabilities, meanwhile, will result in a payment of at least $50,000.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Intel enlists help of ‘elite hackers’ to exterminate bugs
A depiction of a hacker from Intel's Project Circuit Breaker bug program.

Intel has announced an expansion of its Bug Bounty program with Project Circuit Breaker, a new initiative that is predominantly aimed at recruiting “elite hackers.”

The company wishes to form a community of hackers who will attempt to discover bugs in firmware, hypervisors, GPUs, chipsets, and more.

Read more
Hacker tries to poison the water supply of a Florida city
teflon water supply dangerous faucet

A computer hacker attempted to poison the water supply of a city in Florida, local police  on Monday, February 8.

The unknown perpetrator was able to remotely access the water treatment system of the city of Oldsmar — population 15,000 — on Friday, February 5, and increase the level of sodium hydroxide (also known as lye) by more than 100 times. The chemical is usually used in small quantities to control the water’s acidity, but if ingested in large amounts could cause burns and other problems.

Read more
Sony’s revamped PlayStation bug bounty program offers cash rewards
Two people play a soccer game on PS4

Sony is inviting one and all to hunt down bugs on its PlayStation platform for some potentially big cash payouts.

The entertainment giant has actually had a bug bounty program in place for some time, but operated it privately with select researchers. This week’s announcement means the program is now open to everyone, including “the security research community, gamers, and anyone else,” Geoff Norton, Sony’s senior director of software engineering, wrote in a blog post about the expansion.

Read more