1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies
gist.github.com
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies - zendesk.md

hi, i’m daniel. i’m a 15-year-old with some programming experience and i do a little bug hunting in my free time. here’s the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

  • troed@fedia.io
    80·
    1 month ago

    Despite fixing the issue, Zendesk ultimately chose not to award a bounty for my report. Their reasoning? I had broken HackerOne’s disclosure guidelines by sharing the vulnerability with affected companies

    Regardless of everything else they should be kicked out from HackerOne since it’s clearly Zendesk not being truthful here.

      • Possibly linux@lemmy.zipEnglish
        4·
        1 month ago

        Sounds like they just didn’t want to pay this guy. That is so dumb as if they lose even a few customers they are going to be in negative. They should of paid him and then turned this into a PR positive.