19-Year-Old Awarded More than $1M in Bug Bounties

Written by

A 19-year-old completely self-taught hacker from Argentina has just been recognized as the first bug bounty hacker to earn more than $1 million in bounty payout awards, according to HackerOne.

Santiago Lopez, the hacker, who uses the handle @try_to_hack, has been discovering and disclosing vulnerabilities through HackerOne’s bug bounty program since 2015. In 2016, he earned his first award of $50, though he admitted, "At the time I was not very interested in the size of the bounty. I was just so happy and excited to earn my first reward on my own."

Since joining the hacker community, Lopez has reported over 1,600 security flaws to companies including Twitter and Verizon Media Company. He’s also worked on different private corporate and government initiatives.

"I never knew anything about hacking. I didn’t even know it existed until I saw the movie Hackers, which opened up a whole new world for me. As I learned more, I realized that I was naturally drawn to the types of challenges and problem solving opportunities associated with hacking.

Lopez said that he is completely self-taught and learned most of his hacking techniques through the internet. "I watched online tutorials and also read a lot about hacking. This is how I became the hacker that I am today. It took me a long time to find my first vulnerability, but with patience and effort it can definitely be achieved.”

In related news, HackerOne has today released its 2019 Hacker Report, which is the result of a survey of more than 3,667 hackers from over 100 countries and territories. The report found that 2018 was a big year for bounty payouts, with hackers earning $19 million in bounties.

While India and the US remain the most popular hacker locations, the African continent is starting to welcome hacker activity. According to the report, more than six African countries launched engagements with hackers in 2018.

What’s hot on Infosecurity Magazine?