HackerOne has paid out a US $20,000 bounty after a researcher discovered he was able to access some other users bug reports on the website. One of the HackerOnes own staff accidentally disclosed one of their own valid session cookies granting the external bug-hunter access to vulnerability reports related to other HackerOne customers. HackerOne notes that its response to the bug report about its own site might have been faster if it hadnt occurred at the weekend.”]