HackerOne is a bug bounty platform that connects companies with security researchers. Recently, when researchers used the platform to disclose six PayPal vulnerabilities, they were punished.
When our analysts discovered six vulnerabilities in PayPal…we were met with non-stop delays, unresponsive staff, and lack of appreciation…When we pushed the HackerOne staff for clarification on these issues, they removed points from our Reputation scores, relegating our profiles to a suspicious, spammy level.
This happened even when the issue was eventually patched, although we received no bounty, credit, or even a thanks…We’ll assume that HackerOne’s response is representative of PayPal’s response.
Check It Out: HackerOne Punished Researchers Who Disclosed PayPal Bugs