ASIA/SINGAPORE, March 4, 2019 — HackerOne, the leading hacker-powered security platform, announced today that bug bounty hacker @try_to_hack is the first to surpass US$1 million in bounty awards for helping companies become more secure.
A bug bounty is an award given to a hacker who reports a valid security weakness to an organization.
Santiago Lopez started reporting security weaknesses to companies through bug bounty programs in 2015 on HackerOne. Lopez — who goes by the handle @try_to_hack — has reported over 1,600 security flaws to companies including Twitter and Verizon Media Company, as well as private corporate and government initiatives.
Meet Santiago Lopez, the self-taught Argentinian teen hacker at 19 years, who became HackerOne’s first White Hat hacker to earn US$1 million as bug bounty rewards for exposing companies’ vulnerabilities. (Photo: HackerOne)
“I do not have enough words to describe how happy I am to become the first hacker to reach this landmark,” said Lopez. “I am incredibly proud to see that my work is recognized and valued. To me, this achievement represents that companies and the people that trust them are becoming more secure than they were before, and that is incredible. This is what motivates me to continue to push myself and inspires me to get my hacking to the next level.”
Lopez is a top ranked all time hacker on HackerOne’s leaderboard out of more than 330,000 hackers competing for the top spot. Hackers are invited to find weaknesses in the more than 1,200 technology companies, governments and enterprises that rely on HackerOne’s hacker community to safely report security vulnerabilities before they can be exploited by criminals. His specialty is finding Insecure Direct Object Reference (IDOR) vulnerabilities.
Like many hackers, Lopez is self-taught. He was first inspired to get started after seeing the movie Hackers and learned to hack by watching free online tutorials and reading popular blogs. In 2015, at 16-years-old, he signed up for HackerOne and earned his first bounty of US$50 months later. He chose his alias “try_to_hack” to keep himself motivated — he was determined to try to hack companies regardless of whether he knew he could succeed. He keeps the name today to remind him of how he started as a bug bounty hacker. Over the past three years of hacking after school and now full-time, he has earned nearly forty times the average software engineer salary in Buenos Aires on bug bounties alone.
“The entire HackerOne community stands in awe of Santiago’s work,” said HackerOne CEO Marten Mickos. “Curious, self-taught and creative, Santiago is a role model for hundreds of thousands of aspiring hackers around the world. The hacker community is the most powerful defense we have against cyber crime. This is a fantastic milestone for Santiago but still much greater are the improvements in security that companies have achieved and keep achieving thanks to Santiago’s relentless work.”
A hacker’s image courtesy of Pixabay.
Lopez was not alone in the race towards this bug bounty landmark. Days after Lopez surpassed US$1 million in bounty awards, Mark Litchfield — also known by his handle @mlitchfield — joined the ranks of the million dollar bug bounty hacker club. In 2016, Litchfield made history as the first hacker to earn over US$500,000 in bug bounties. To date, Litchfield has helped organizations including New Relic, Dropbox, Venmo, Yelp, Rockstar Games, Shopify and Starbucks resolve nearly 900 security weaknesses.
To get involved and start hacking, HackerOne is now offering Hacker101— a free collection of videos, resources, and hands-on activities that will teach everything needed to operate as a bug bounty hunter. To join the world’s largest hacker community who, in 2018 alone, earned more than US$19M in bounty awards for their contributions, sign up for HackerOne. (HackerOne)
About HackerOne
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, Hyatt, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,200 other organizations have partnered with HackerOne to find over 100,000 vulnerabilities and award over US$43M in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, and Singapore.###