A VPN service provider, Surfshark, has issued a study in 2023 revealing the significant contribution of ethical hackers, also known as white hat hackers, in strengthening cybersecurity. These ethical hackers were responsible for identifying 835 vulnerabilities across 105 websites, which not only secured these platforms but also earned them a total of €417,000 in bug bounty programs.
The data for this study was obtained from HackerOne, a bug bounty program that connects security researchers with organizations to detect and disclose vulnerabilities. The data was collected from the HackerOne repository, which aggregates information on security vulnerability reports, including the company, type of vulnerability, and bounty size. This data was later acquired by Surfshark in January 2024.
According to the report, in 2023, a total of 835 vulnerability reports were submitted by 93 ethical hackers. These reports were associated with 105 websites, with the US Department of Defense reporting the highest number of security vulnerabilities, totaling 96 reports or 10% of all reports. Among the security vulnerabilities reported, two server issues were attributed to website misconfigurations, which allowed users to alter privileges, upload files, and remove accounts.
LinkedIn, a popular professional networking platform, received 28 security vulnerability reports, ranking it as the fifth most frequently reported platform. These reports included two critical cases of improper information disclosure and a major data breach in 2023 that involved the exposure of 500 million users’ personal information.
Agneska Sablovskaja, the head of Surfshark’s research team, emphasized the importance of partnerships between companies and ethical hackers in addressing software vulnerabilities, especially in complex platforms with millions of lines of code that may leave behind flaws. This highlights the growing significance of ethical hacking as a tool for enhancing online security.
The Cyber Security Lead at Surfshark, Aleksandr Valentij, urged users to download software updates as vulnerabilities become more dangerous once they are public. With cyber-attacks becoming increasingly sophisticated, collaboration between organizations and ethical hackers is crucial. Moreover, as bug bounty programs continue to expand, more vulnerabilities will be discovered, promoting a safer online environment.
This study sheds light on the pivotal role of ethical hackers in improving cybersecurity and the need for their continued partnership with organizations in addressing vulnerabilities. The extensive amount of vulnerability reports and the significant earnings from bug bounty programs indicate the widespread impact of these ethical hackers in safeguarding government organizations and private companies.
Overall, the study highlights the importance of cybersecurity efforts and the integral role played by ethical hackers in identifying and addressing vulnerabilities, ultimately contributing to a more secure online environment.