$20,000 Paid for a Bug That No One Expected

SIDDARDA GOWTHAM JAGABATHINA
Nov 25, 2023

Hey MCK’s, today we are going to talk about a bug that was recently found on “HackerOne”, for which they paid $20,000. The bug was found in a non-essential cookie on HackerOne, through which anyone could get directly into an account. Before that, let’s talk about what a cookie is, what essential cookies are, and what non-essential cookies are. Let’s get into it.

Generally, cookies are used to store our information, like a customer ID, for continuity purposes. Essential cookies are used to store our ID and password for that continuity: if we add something to our Amazon cart and then go to the cart, the item is still there, right? Cookies make this possible. Non-essential cookies are used for advertisement purposes, and whenever a non-essential cookie wants to access our advertisement data we get a popup asking whether to allow those non-essential cookies to access our data or not.

Now for the bug-hunter story. A hacker found a bug in HackerOne’s cookies, to be more precise in their non-essential cookies: when a non-essential cookie was passed in a request, it took us directly into the user account. The hacker who identified this was awarded 20,000 USD. When bugs like these are found in companies like HackerOne, which try to prevent cyber attacks and educate people about cybersecurity, the safety of individuals on the internet is under threat.
