Argentina’s Santiago Lopez is now a millionaire due to his prowess on identifying flaws in online services as well as software. The ethical hacker who uses the moniker @try_to_hack became part of HackerOne’s bug bounty program in 2015 and so far he has reported more than 1,670 unique bugs.
Lopez identified bugs in the products and services of mainstream firms such as Twitter, Verizon Media Company, WordPress, and Automattic. It is worth noting that Lopez is a self-taught hacker who has become a top-ranking ethical hacker of all times on HackerOne, which is a crowdfunding platform.
Lopez specializes in the identification of Insecure Direct Object Reference flaws also known as IDOR vulnerabilities. The movie Hackers inspired him to become an ethical hacker and he learned the tricks of the trade by going through free online tutorials and blogs. He was sixteen years old when he joined HackerOne and earned his first bounty of $50 within a few months.
Now he is serving as a full-time hacker and has earned about 40-times more than the average salary of a software engineer in Buenos Aires through bug bounties. He learned about tracking down even the most difficult to identify vulnerabilities including Cross-Site Request Forgery (CSRF) security flaws. His largest payout until now has been $9,000, which he earned for identifying a Server Side Request Forgery (SSRF) vulnerability.
Making his mark among so many skilled hackers is no ordinary feat for a teenager. HackerOne’s CEO Marten Mickos claims that they are certainly in awe of Lopez’s work since he is a self-taught hacker.
“Santiago is a role model for hundreds of thousands of aspiring hackers around the world. The hacker community is the most powerful defense we have against cybercrime. This is a fantastic milestone for Santiago but still much greater are the improvements in security that companies have achieved and keep achieving thanks to Santiago’s relentless work,” stated Mickos.
Lopez is counted among the top hackers now with 91st signal percentile and 84th impact percentile on HackerOne leaderboards.
“I am incredibly proud to see that my work is recognized and valued. Not just for the money, but because this achievement represents the information of companies and people being more secure than they were before, and that is incredible,” Lopez stated.