According to HackerOne, vulnerability coordination and bug bounty platform, an Argentina based teenager, Santiago Lopez, become the first ethical hacker for making more than $1 million in bug hunting.
Started Hunting Bugs at the Age of 16
He joined the platform in 2015 and started reporting security bugs at the age of 16. Lopez is a self-taught hacker who learned most of the hacking concepts and techniques by reading tutorials and watching YouTube videos. Presently, he is one of the top-ranking ethical hackers on the HackerOne platform with 84th percentile for impact and 91st percentile for the signal.
However, his major inspiration came from a Hollywood movie. In a Q&A session with HackerOne, he said: “I never knew anything about hacking. I didn’t even know it existed until I saw the movie Hackers, which opened up a whole new world for me. As I learned more, I realized that I was naturally drawn to the types of challenges and problem-solving opportunities associated with hacking.” After joining the platform in 2015, he spent a few months in understanding everything. In 2016, Lopez earned his first $50 for a cross-site request forgery (CSRF) vulnerability. At that time, he was not focusing on money but was very happy and excited about receiving the first reward of his own. Also Read: Important Programming Languages for Ethical Hacking There are many people out there who think hacking is kind of a trick which anyone can learn overnight. But this is definitely not the case. “I watched online tutorials and also read a lot about hacking. This is how I became the hacker that I am today. It took me a long time to find my first vulnerability, but with patience and effort, it can definitely be achieved.” Lopez added. Lopez has reported over 1,670 security bugs to Twitter, Verizon Media, and several other companies till now. He always focused on finding as many bugs as he can in a short period of time. Lopez has also worked in various government and private initiatives. His highest payout was of $9,000 given for a server-side request forgery (SSRF). Talking about the income, Lopez is now doing it full time and currently earning nearly forty times the average software engineer salary in Buenos Aires. When asked about his handle @try_to_hack on the platform, HackerOne said, “He was determined to try to hack companies regardless of whether he knew he could succeed.” Besides Lopez, there is one more hacker Mark Litchfield, on HackerOne, who crossed $1 million figure. As per the 2019 Hacker Report released by HackerOne, hackers have earned a total of $19 million from finding security flaws and hunting bugs in 2018.