Ask HN: Ethical Hacker" or Criminal Scammer?
My company does not participate in any sort of bug bounty programs. An "ethical hacker" hacked into one of our small back end tools and is pressuring us for money to reveal what he did and is sort of threatening to release confidential information from it. How should we handle this?
8 comments
[ 4.4 ms ] story [ 34.7 ms ] threadBut in any case, take it as a learning opportunity. Fire your incompetent sysadmins and developers who allowed this to happen with their insecure garbage, and get people who have at least seen a computer on a picture. Not trying to victim-blame here, but letting this happen in 2025 is absolutely ridiculous.
Then you can out him or take up legal action, or send some goons over to his house for that matter.
If you really want to have some fun tell him you're happy to pay him but he must become and Approved Vendor first ... and boy thats a process but you want paid right? This is the only way accounting will pay anybody. Sorry :)