Skip to main content
Hacker Email Alias

Organizations: All hackers have an email alias on HackerOne

Updated over a month ago

All hackers have an email alias on HackerOne that forwards any emails to their actual email address. This provides an easy way for programs to contact hackers to share credentials and information regarding how to set up custom workflows without having to access their actual email addresses. Programs no longer have to share credentials through Excel spreadsheets, shared documents, or other means.

How It Works

  1. Upon the creation of a hacker account on HackerOne, hackers will automatically have an email alias generated based on their username.

    • Email aliases will be in the form of: [username]@wearehackerone.com

  2. Programs can email the hacker using the hacker’s email alias to share special credentials or to communicate with the hacker.

  3. The email will automatically be forwarded to the hacker’s actual email address.

Multiple Aliases

A Hacker can have multiple wearehackerone email aliases tied to their HackerOne account. This enables hackers to create multiple test accounts on your program to be able to test different attack vectors on different account levels without having to create multiple HackerOne profile accounts. Hackers can use multiple email aliases by using [username]+[any_identifier]@wearehackerone.com.

FAQ

Question

Answer

What happens if a hacker changes their username?

The email alias will automatically update with the new username.

What happens if a hacker changes their email address on HackerOne?

The emails will be forwarded to their new, correct email.

How can I share credentials with all hackers in my program?

Go to your Invitation settings (Settings > Program > Invitations) to see the list of hackers in your program. You can email each hacker at [username]@wearehackerone.com.

Can I send attachments?

Yes! There is a size limit of 8MB total for all attachments.

Emails with larger attachments will not be sent at all. If you need to send larger files, consider using Google Drive or Dropbox links to ensure deliverability.

Did this answer your question?