On August 21, 2023, security researcher and HackerOne Advisory Board Member Corben Leo announced on social media that he had “hacked a car company” and went on to post a thread explaining how he “gained access to hundreds of their codebases.”
Corben was participating in a bug bounty program run by the car maker. This is a very common practice across industries, as it rewards ethical hackers for finding issues and reporting them in a responsible way. This path has been time-tested and produced some fantastic results for many companies. At the same time, there is some reporting that says that compared to other industries, car manufacturers tend to pay far less for bug bounties. In this case, the car company had the right incentives, and Corben had the right motivation to find and report this potentially crisis-inducing vulnerability.