HackerOne, the seven-year-old, San Francisco-based company that mediates between hackers and companies interested in testing their online vulnerabilities, has raised $36.4 million in Series D funding that brings the company’s total funding to date to $110 million.
The deal was led by Valor Equity Partners, which was joined by the company’s earlier investors, including Benchmark, New Enterprise Associates, Dragoneer Investment Group and EQT Ventures.
The company says it now works with more than 1,500 customers that use the company to help find critical security weaknesses so they can address them before players with nefarious intentions find and exploit them. Among the list of companies that pay for its help are Google, Intel, Airbnb, Alibaba, General Motors, and the U.S. Department of Defense.
As we reported late last month, HackerOne is also working with Facebook and its partners on the Libra cryptocurrency project; specifically, it’s developing a bug bounty program for applications built on its blockchain.
With data breaches becoming an everyday occurrence for all kinds of businesses — often caused by flaws in payment systems but also sometimes the simple result of poor cyber hygiene — it’s no surprise that HackerOne, along with competitors like Synack and BugCrowd, are becoming more central to many more companies.
With more outfits under attack than ever before, the rewards that hackers can earn is also on the rise. While each client determines what it will pay for a job, with more complicated issues typically promising higher bounties (HackerOne refers to each task as “piece work”), the average bounty Hacker One paid for critical vulnerabilities has increased to $3,384 in the last year, a 48% increase over the prior year’s average.
The company meanwhile says that six hackers on its platform have now earned more than $1 million each in lifetime earnings. The first of these, a 19-year-old, self-taught hacker from Argentina, became the first person to earn more than $1 million in bounty awards from HackerOne back in March. He has reported more than 1,670 valid unique vulnerabilities to companies, including Verizon Media Company, Twitter, WordPress parent Automattic.
Since then, five more hackers have joined the million-dollar club, says HackerOne.
HackerOne works with hundreds of thousands of individuals in service to its customers. At an event hosted by this editor last year, HackerOne CEO Marten Mickos suggested that a fair number are teenagers, too. Said Mickos at the time: “Some [of the hackers we work with] are teenage boys and girls today, and they’ll write us and say their life has changed. They bought an apartment for their mother, or they bought a motorbike for themselves. They show up on social media in their HackerOne hoodies. That’s their identity. It’s shaping them into respectable, contributing citizens who take responsibility for the world. It’s amazing to see how these young people stand up when we adults have been screwing up this world.”