Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

They could have probably made a 100k by disclosing this to Twitter. The reward/risk graph seems concave down and not convex up.


Twitter says for account takeover hacks, their bounty is set at $7k.

$7k vs $100k, you choose.


I'm trying to think of other ways to monetize this without ending in prison, and not really coming up with much...

Sure, you could short stocks and then make "Aaah, Tesla is going bankrupt!" tweets... But without an army of lawyers and accountants and money to pay them, it's hard to anonymously short stocks.

You could bribe people with publishing DM's - but again that's pretty high risk. And how do we know that hasn't already happened?

What else is there?


Maybe shorting wouldn't have been needed. Just buy from the dip and trust that the stock recovers when twitter confirms hacking. But requires a lot of cash that the attacker probably doesn't have.


Sell the exploit to someone with a bigger appetite for risk?


Way more effort and risk there, much more difficult without existing underground connections.


Why would you need to anonymously short the stock? It feels like it would be easy to get lost in the noise of regular shorts.


also any attempt at negotiation can be construed as extortion, and now they have all your info too.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: