Tell HN: Internet Bug Bounty (IBB) on HackerOne Appears Dead, CVEs Unpaid

8•irke882•1d ago

I figured out this might be a good place to ask/raise this.

This is about the IBB program:

https://hackerone.com/ibb

A few months back, I reported two vulnerabilities that should get a $8000 payout or so. They got CVE numbers and got fixed months back.

It seems like the program is dead. Last report has been resolved 8 months ago. I have tried repeatedly to contact HackerOne through different channels, but got no response. This includes e-mailing the official IBB e-mail, e-mailing HackerOne people directly, reaching out through their forms and using mediation. There's total silence.

I searched social media for any mentions of this, but didn't see any communications.

It looks like the program is dead. The bounties are still being promised, but the reports are ignored - even for published CVE's that clearly do qualify for payouts according to the rules.

Does anyone know more about the situation? What shall be done here? Is the program dead?

Comments

whatamidoingyo•1d ago

That's why I stopped going to HackerOne. My first 3 reports were marked as duplicate. The last report on there was an auth bypass, essentially. They replied: "But you need to show what can be done beyond this". Like, wat? You want me to do some real damage before accepting it (hackerone managed)?

Those were my only reports on the platform before I gave up. Then I went to BugCrowd, submitted a report and it was accepted.

jll088•1d ago

I'm cybersecurity editor at The Register and would like to hear more about what happened - can you get in touch via email (jessica.lyons@theregister.com) or signal jess.825

Ask HN: Any Microsoft employees/devs here? What's happening to Microsoft?

Implementing NaN Boxing in a Stack-Based VM

Ask HN: Anyone else seeing porn images in YouTube ad preview images?

Ask HN: Is anyone aware of a LinkedIn mirror like xcancel.com for X?

Ask HN: How do you do store-and-forward telemetry at the edge?

Ask HN: Who wants to be hired? (January 2026)

Ask HN: How do you use 5–10 minute gaps productively?

Ask HN: Who is hiring? (January 2026)

My Logitech mouse became unusable, Logi Options+ can't validate certificate

RevisionDojo, a YC startup, is running astroturfing campaigns targeting kids?

Git analytics that works across GitHub, GitLab, and Bitbucket

Ask HN: What's a standard way for apps to request text completion as a service?

Amazon Prime AI overviews can't even get the basics right

Ask HN: Those making $500/month on side projects in 2026 – Show and tell

Ask HN: Has anyone else been struggling with search lately?

Anyone building software for wearable tech?

Ask HN: How do small teams make sure recurring tasks don't slip?

ProjectCLI: The Swiss Army Knife CLI for bootstrapping any project

Ask HN: Reading list for being a better engineer?

Private Operating System

I made a lofi page for late night work

Tell HN: Internet Bug Bounty (IBB) on HackerOne Appears Dead, CVEs Unpaid

Ask HN: What kind of setup do you run for your children?

What do people usually do with spare Android phones? Any practical use cases?

Ask HN: What's the future of software testing and QA?

Ask HN: What did you learn in 2025?

Tell HN: I'm having the worst career winter of my life

Ask HN: Are you missing daily email alerts from HN?

Ask HN: How is your work making the world a better place?

Ask HN: What's the best talk you've watched?

Tell HN: Internet Bug Bounty (IBB) on HackerOne Appears Dead, CVEs Unpaid

Comments

Ask HN: Any Microsoft employees/devs here? What's happening to Microsoft?

Implementing NaN Boxing in a Stack-Based VM

Ask HN: Anyone else seeing porn images in YouTube ad preview images?

Ask HN: Is anyone aware of a LinkedIn mirror like xcancel.com for X?

Ask HN: How do you do store-and-forward telemetry at the edge?

Ask HN: Who wants to be hired? (January 2026)

Ask HN: How do you use 5–10 minute gaps productively?

Ask HN: Who is hiring? (January 2026)

My Logitech mouse became unusable, Logi Options+ can't validate certificate

RevisionDojo, a YC startup, is running astroturfing campaigns targeting kids?

Git analytics that works across GitHub, GitLab, and Bitbucket

Ask HN: What's a standard way for apps to request text completion as a service?

Amazon Prime AI overviews can't even get the basics right

Ask HN: Those making $500/month on side projects in 2026 – Show and tell

Ask HN: Has anyone else been struggling with search lately?

Anyone building software for wearable tech?

Ask HN: How do small teams make sure recurring tasks don't slip?

ProjectCLI: The Swiss Army Knife CLI for bootstrapping any project

Ask HN: Reading list for being a better engineer?

Private Operating System

I made a lofi page for late night work

Tell HN: Internet Bug Bounty (IBB) on HackerOne Appears Dead, CVEs Unpaid

Ask HN: What kind of setup do you run for your children?

What do people usually do with spare Android phones? Any practical use cases?

Ask HN: What's the future of software testing and QA?

Ask HN: What did you learn in 2025?

Tell HN: I'm having the worst career winter of my life

Ask HN: Are you missing daily email alerts from HN?

Ask HN: How is your work making the world a better place?

Ask HN: What's the best talk you've watched?