Tell HN: Internet Bug Bounty (IBB) on HackerOne Appears Dead, CVEs Unpaid

11•irke882•1mo ago

I figured out this might be a good place to ask/raise this.

This is about the IBB program:

https://hackerone.com/ibb

A few months back, I reported two vulnerabilities that should get a $8000 payout or so. They got CVE numbers and got fixed months back.

It seems like the program is dead. Last report has been resolved 8 months ago. I have tried repeatedly to contact HackerOne through different channels, but got no response. This includes e-mailing the official IBB e-mail, e-mailing HackerOne people directly, reaching out through their forms and using mediation. There's total silence.

I searched social media for any mentions of this, but didn't see any communications.

It looks like the program is dead. The bounties are still being promised, but the reports are ignored - even for published CVE's that clearly do qualify for payouts according to the rules.

Does anyone know more about the situation? What shall be done here? Is the program dead?

Comments

whatamidoingyo•1mo ago

That's why I stopped going to HackerOne. My first 3 reports were marked as duplicate. The last report on there was an auth bypass, essentially. They replied: "But you need to show what can be done beyond this". Like, wat? You want me to do some real damage before accepting it (hackerone managed)?

Those were my only reports on the platform before I gave up. Then I went to BugCrowd, submitted a report and it was accepted.

jll088•1mo ago

I'm cybersecurity editor at The Register and would like to hear more about what happened - can you get in touch via email (jessica.lyons@theregister.com) or signal jess.825

Ask HN: Anyone Using a Mac Studio for Local AI/LLM?

Discuss – Do AI agents deserve all the hype they are getting?

Ask HN: Ideas for small ways to make the world a better place

Ask HN: Non AI-obsessed tech forums

LLMs are powerful, but enterprises are deterministic by nature

Ask HN: 10 months since the Llama-4 release: what happened to Meta AI?

Ask HN: Who wants to be hired? (February 2026)

Ask HN: Who is hiring? (February 2026)

AI Regex Scientist: A self-improving regex solver

Ask HN: Non-profit, volunteers run org needs CRM. Is Odoo Community a good sol.?

Tell HN: Another round of Zendesk email spam

Ask HN: Is Connecting via SSH Risky?

Ask HN: Has your whole engineering team gone big into AI coding? How's it going?

Ask HN: Why LLM providers sell access instead of consulting services?

Ask HN: How does ChatGPT decide which websites to recommend?

Ask HN: What is the most complicated Algorithm you came up with yourself?

Ask HN: Is there anyone here who still uses slide rules?

Ask HN: Mem0 stores memories, but doesn't learn user patterns

Ask HN: Is it just me or are most businesses insane?

Kernighan on Programming

Ask HN: Anyone Seeing YT ads related to chats on ChatGPT?

Ask HN: Does global decoupling from the USA signal comeback of the desktop app?

We built a serverless GPU inference platform with predictable latency

Ask HN: Does a good "read it later" app exist?

Ask HN: Any International Job Boards for International Workers?

Ask HN: Have you been fired because of AI?

Ask HN: Anyone have a "sovereign" solution for phone calls?

Ask HN: Cheap laptop for Linux without GUI (for writing)

Ask HN: How Did You Validate?

GitHub Actions Have "Major Outage"