Hackers earn nearly $2M in HackerOne's hacking event

Hackers reported 1,000 security flaws for organizations, including Verizon Media and GitHub, and earned nearly $2 million in bounties during the three-day HackerOne hacking event in Las Vegas, from Aug. 8 to Aug. 10.

One hundred hackers and 75 hackers in training participated in the event to find security flaws in participating organizations, amid the Black Hat USA and DEF CON security conferences. They earned a total of $1,902,668 in rewards, with $1 million from Verizon Media.

This year, hacker @inhibitor181 was selected as the Most Valuable Hacker, while Santiago Lopez (@try_to_hack), @corb3nik and @mayonaise won the top nightly honors. In March, 19-year-old Lopez made history as the first to earn more than $1 million in bounty awards at HackerOne, according to the company.

HackerOne's hacking events are bug bounty engagements, meaning hackers gather in person to look for security flaws on specific assets for a limited amount of time in exchange for an award. Hackers are awarded based on the number of valid security flaws they report, HackerOne's reputation score and cumulative bounties the hacker earns.

HackerOne said it has hosted 18 events with 13 customers, totaling 36 days of hacking in 10 different cities around the world.

This year marks Verizon Media's sixth live hacking event and its security team called the Paranoids awarded hackers $1 million, the highest bounty from a customer during an event.

Bug bounty programs are increasingly becoming more important in an organization's vulnerability management strategy. Companies including Apple, Google, Microsoft and Netflix have announced their own bug bounty programs offering rewards of up to $1.5 million.

GitHub, a participating company in this year's event, started its Security Bug Bounty program in 2014, offering researchers and hackers rewards of $30,000 or more for finding and reporting critical vulnerabilities.

HackerOne said this year's hacking event also offers a hackers-in-training mentorship program. HackerOne's head of hacker education, Cody Brocious, taught a hacking class for 75 non-binary and women-identifying hackers. Hacker Jesse Kinser also spoke with the group about her experience as a hacker and suggested hacking tools and programs to invest in.