HackerOne has paid out $20,000 to a bounty hunter who discovered a session cookie issue, due to human error, on the bug bounty platform. HackerOne is implementing short-term measures, including binding the user s session to the IP address used at initial sign-in, and terminating the session if an attempt is made to utilize it from a different IP address. The company said it will increase bounty hunter education around how to handle any similar incidents to this one.
Source: https://threatpost.com/hackerone-breach-20000-bounty-reward/150846/