HACKING AMAZON
We are all conditioned into believing that hacking is illegal, whether it’s hacking bank accounts, hacking Facebook and other social media accounts, or even hacking Amazon. The truth of the matter is that while many cybercrimes involve hacking, not all hackers are criminals and hacking in itself is not a crime. A case in point is a recent event of hacking Amazon to test vulnerabilities in the giant online retailer’s IT systems.
AMAZON LIVE HACKING EVENT
Amazon’s live hacking event took place in March this year with approximately 50 hackers from 9 countries participating in the 10-day virtual event to hunt down vulnerabilities in Amazon’s core IT assets. The Amazon Vulnerability Research Program was first launched in April 2020 on HackerOne, a hacker-powered bug bounty platform headquartered in San Francisco with offices in New York, London and Singapore.
$832,135 PAID FOR HACKING AMAZON
Bound by a confidentiality agreement with Amazon, HackerOne could not share any details about the total number of vulnerabilities found. The platform, however, did confirm that safe mitigation of all issues discovered was in place. What HackerOne happily announced was that some of the more skilled hackers each took home more than $100,000 in rewards. Jonathan Bouman submitted a total of 23 valid vulnerability reports and earned 59 bounties in this, his first live hacking event with HackerOne. The final total for all bounties paid was a mouth-watering sum of $832,135. Not bad for 10 days’ work.
HIGH AND CRITICAL IMPACT
HackerOne reported that about 93% of all payments made by Amazon were for findings that fell into the high and critical impact report category. Amazon also applied a momentum bonus scheme for the event which meant that additional bounty payments were issued for every vulnerability report that matched the impact of the flaw.
AMAZON’S RATIONALE
Was the hacking Amazon event simply about paying generous bounties to legal hackers? Of course not. Amazon stated that the findings from the reports would enable it to implement more robust and secure IT systems and ultimately improve customer experience. Hao-Wei Chen, head of Amazon’s Vulnerability Research Program, said:
“Bringing in external researchers allows us to extend the reach of our security teams to put our mechanisms and broad attack surface to the test.”
Luke Tucker, vice-president of community at HackerOne, added:
“The shared experiences of a live hacking event always create new and deeper relationships, and the Amazon security team was able to collaborate with both top hackers on their program and new talent. Security is stronger when we’re working together.”
ENTER ZHERO
And what Tucker says about working together also holds for your IT systems. Partnering with Zhero, the UK’s #1 risk mitigation IT support company, you will get peace of mind knowing that your IT is thoroughly tested and protected against threats and vulnerabilities. Our cybersecurity experts are here to help, so get in touch today.