Live Status Check

Is HackerOne Down?

Q: What is security.txt?

Standard file at domain/.well-known/security.txt specifying how to report security vulnerabilities. Typically includes contact email, PGP key for encrypted communication, policy URL, and acknowledgment policy. Useful as direct disclosure path when platform-based disclosure is unavailable.

Real-time status check for HackerOne. See if it's just you or everyone experiencing issues.

🔄

Checking HackerOne...

Testing connection to www.hackerone.com

https://www.hackerone.com ↗

About HackerOne

HackerOne is the leading bug bounty platform connecting ethical hackers with organizations to find and fix security vulnerabilities for rewards.

Category: Bug Bounty | Website: www.hackerone.com

What to Do If HackerOne Is Down

Wait a few minutes and try again. Most outages are resolved within 5-15 minutes.

Check the official status page or social media accounts for outage announcements.

Try accessing from a different network, VPN, or device to rule out local issues.

Clear your browser cache and DNS cache with ipconfig /flushdns or sudo systemd-resolve --flush-caches.

Try a different DNS resolver like 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google).

Check DownDetector for community reports about HackerOne.

Frequently Asked Questions

We attempt to load a resource from HackerOne directly from your browser. If the resource loads successfully, the service is up. If it fails, it may be down or blocking cross-origin requests. This is a client-side check from your location.

Some websites block cross-origin resource loading for security. In these cases, our check may report "unreachable" even though the site is functioning. Try clicking the direct link to verify.

HackerOne is a bug bounty service. Visit their website at www.hackerone.com for current pricing and availability information.

The status is checked in real-time each time you visit this page. Click "Recheck Now" to run a fresh check. The result reflects reachability from your current network location.

Check Status of Similar Bug Bounty Services

Browse All Status Pages

HackerOne in depth — what you need to know

HackerOne is the largest bug bounty and vulnerability disclosure platform — connects ethical hackers with organisations running bug bounty or vulnerability disclosure programs. Used by major companies (Google, GitHub, Microsoft, Department of Defense, many more) for managed vulnerability intake. Bug bounty hunters use HackerOne to find programs, submit vulnerabilities, and receive bounties.

When HackerOne is down, the impact splits between hunters and program owners: hunters cannot submit reports (in-progress findings stuck in browser), cannot access program scope or credentials, cannot receive bounty notifications. Program owners cannot triage incoming reports, cannot communicate with hunters, may miss time-bounded disclosures. Both sides have time-sensitivity considerations during outages.

For status verification: HackerOne does not publish a comprehensive public status page comparable to AWS or GitHub. Status updates typically come via the @hacker0x01 Twitter account, in-app notifications when accessible, and direct hunter/triager community channels. The lack of a comprehensive status page means using this checker plus Twitter is often the best status verification approach.

🛡️ Defence — Mr Elite

For Critical Vulnerability Submissions, Document Independently and Have Backup Disclosure Path

For critical vulnerabilities (CVSS 9+, active exploitation, time-bounded disclosure deadlines), depending entirely on HackerOne for submission creates risk. Outages mean delayed disclosure; technical issues during submission mean lost evidence; account issues mean inability to coordinate disclosure timeline. The defensive pattern: document findings independently (local PoC code, screenshots, timeline notes — not just in HackerOne report drafts), have direct contact path for the program (security@ email, alternative disclosure channel mentioned in their security.txt), save in-progress reports locally before submitting to HackerOne (browser drafts can be lost during outages), and plan time-buffered submissions for time-sensitive coordinated disclosure rather than last-minute submissions that fail if the platform is down. None of this replaces HackerOne; it ensures critical disclosures are not blocked entirely by platform issues.

Five real-world scenarios involving HackerOne

Active bug bounty hunting

Hunters use HackerOne for program research, scope checking, report submission. Outages disrupt active hunting. Have multiple platforms in your routine (HackerOne + Bugcrowd + Intigriti) so platform outages do not stop hunting entirely.

Coordinated vulnerability disclosure

Time-bounded disclosure (90-day deadlines from CERT/CC, scheduled coordinated disclosure with vendors) requires reliable platform access. Outages near disclosure deadlines need backup paths — direct vendor contact, public disclosure if necessary.

Triage workflow for program owners

Security teams running bug bounty programs use HackerOne for incoming report triage. Outages delay triage and hunter communication. Have direct contact paths (security@ email) as backup for time-sensitive vulnerabilities.

Program scope and policy verification

Hunters check program scope before testing. During outages, scope cannot be verified — testing without confirmed scope risks out-of-scope activity. Document scope before sessions to enable testing during outages.

Bounty payment processing

HackerOne handles bounty payments. Outages affect payment processing visibility. Payments queued during outages are typically processed when service resumes; documented bounty award amounts can be verified when access returns.

Common mistakes & edge cases

Drafting reports only in HackerOne's browser editor

Browser drafts can be lost during outages, browser crashes, or session timeouts. Draft reports in local markdown files, copy to HackerOne for submission. Local drafts also enable better formatting, version control, and review.

Single-platform dependency for hunting

HackerOne is one of several bug bounty platforms (Bugcrowd, Intigriti, Synack, Open Bug Bounty, YesWeHack). Hunters depending entirely on HackerOne miss programs on other platforms and lose access during HackerOne outages. Maintain accounts on multiple platforms.

Submitting time-sensitive reports at the deadline

Last-minute submissions fail when platforms have issues. For time-bounded disclosures (CERT 90-day deadlines, coordinated disclosure dates), submit with buffer time. The few-day buffer absorbs platform issues.

Not documenting the program scope before session

During HackerOne outages, scope cannot be verified live. Testing without confirmed current scope risks out-of-scope activity (legal and ethical issues). Document scope before each testing session; refer to local notes during platform outages.

Sharing reports publicly during outages

Frustration during outages sometimes leads hunters to publicly disclose findings out of impatience. This violates responsible disclosure norms and harms hunter reputation. Wait for platform recovery; use direct vendor contact if needed for genuinely time-critical issues.

Not exporting bug history periodically

Hunter portfolio (resolved reports, bounties, reputation) is hosted on HackerOne. Periodic exports preserve your work history independent of platform availability. Useful for resume material and platform-portability.

Frequently Asked Questions about HackerOne

Use the live checker above to test reachability. HackerOne does not publish a comprehensive public status page comparable to AWS or GitHub — for outage updates check the @hacker0x01 Twitter account and community reports on Twitter and bug bounty Discord servers.

HackerOne is the largest bug bounty and vulnerability disclosure platform. Connects ethical hackers with organisations running vulnerability programs. Provides scope management, report submission, communication, payment processing. Used by major companies and government agencies for managed vulnerability intake.

For programs that use HackerOne exclusively, submissions go through HackerOne. For programs that accept multiple disclosure paths (security.txt with direct email contact), you can submit via email — useful during HackerOne outages. Most programs have a security.txt at domain/.well-known/security.txt with direct contact info.

Both major bug bounty platforms with overlapping but different program rosters. HackerOne tends to have larger publicly-disclosed program list; Bugcrowd has strong presence in private and corporate programs. Many hunters use both platforms — different programs are exclusive to each.

Each program has a "Scope" tab listing in-scope assets, types of testing allowed, and out-of-scope items. Always check before testing. Scope changes occasionally — re-check before each engagement, especially for time-bounded sessions.

HackerOne assigns reputation points based on report quality, severity, and program response. Higher reputation unlocks access to private (invite-only) programs. Reputation history is public on hunter profiles. For serious bug bounty hunters, building reputation is part of the long-term career strategy.

Yes — payment processing depends on platform availability. Payments queued during outages process when service resumes. The actual financial settlement (PayPal, bank transfer, crypto) happens through standard payment infrastructure once HackerOne queues the payment.

Yes — profile settings include report export. Useful for portfolio, resume material, and personal records. Export periodically; do not depend on platform availability for accessing your own work history.

Standard file at domain/.well-known/security.txt specifying how to report security vulnerabilities. Typically includes contact email, PGP key for encrypted communication, policy URL, and acknowledgment policy. Useful as direct disclosure path when platform-based disclosure is unavailable.

Three preparations: (1) Maintain accounts on multiple platforms (Bugcrowd, Intigriti) so single-platform outages do not stop hunting, (2) Document program scope and contact info before testing sessions, (3) Draft reports locally in markdown rather than only in browser editor, (4) Note direct security.txt contact paths for programs you actively work with — useful for time-critical disclosure during platform outages.

Lokesh N. Singh aka Mr Elite Founder, Securityelites · Penetration Tester · Educator

HackerOne is excellent platform infrastructure for managed bug bounty and vulnerability disclosure — most of the major programs run on it for good reasons. The defensive consideration for hunters is having backup paths: multiple platforms in rotation, local drafts of reports, documented direct-contact paths via security.txt for time-critical disclosures. None of this replaces HackerOne in normal operation; it ensures that platform outages do not block your critical work. For program owners, the consideration is similar — direct security@ contact email and prompt response to outage-period emails maintains responsible disclosure flow even when the bug bounty platform is having issues. The infrastructure literacy is consistent across all platforms: convenience and dependence are different things; convenient platforms with backup paths protect against single-platform failures.