Teenage hacker makes $1m from bug bounty rewards
Santiago Lopez exposed over 1,600 software bugs, including those in Twitter and Verizon


A 19-year-old bounty hacker is the first person known to have generated $1 million from hacking into computer systems and software lawfully.
Argentinian hacker Santiago Lopez started trying to uncover bugs and vulnerabilities four years ago using bounty programme HackerOne.
He has now reported more than 1,600 security flaws in software including those present on Twitter and Verizon. He's also contributed to government hacking programmes, helping the public sector protect their systems from malicious actors, all while pocketing reward money for his efforts.
"I am incredibly proud to see that my work is recognized and valued," Lopez said. "To me, this achievement represents that companies and the people that trust them are becoming more secure than they were before, and that is incredible.
"This is what motivates me to continue to push myself and inspires me to get my hacking to the next level."
He explained that he's taught himself how to uncover bugs by watching videos and reading articles about how to discover vulnerabilities.
Lopez, known by his hacker alias try_to_hack, earned his first bounty just a few months after signing up to HackerOne.
"The entire HackerOne community stands in awe of Santiago's work," said HackerOne CEO Marten Mickos. "Curious, self-taught and creative, Santiago is a role model for hundreds of thousands of aspiring hackers around the world.
"The hacker community is the most powerful defense we have against cyber crime. This is a fantastic milestone for Santiago but still much greater are the improvements in security that companies have achieved and keep achieving thanks to Santiago's relentless work."

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.