A gray hat hacker is a hacker who is neither a black hat nor a white hat but falls somewhere in between. They have good knowledge of hacking and use it for personal purposes and profit, but not for crime.
The gray hat hacker would regularly help companies look for security vulnerabilities and charge them for the fix, similar to the white hat hacker. But unlike white hat hackers, who are altogether good and use legal, ethical methods, the gray hat hacker employs unethical tactics and tools.
Think of the gray hat hacker as a freelancer trying to make a name for themselves in the world of cybersecurity, so they will often approach these companies without any formal contract or contact to offer their help.
Example of gray hat hacking
In 2013, Khalil Shreateh, a computer security researcher, was able to hack Mark Zuckerberg’s Facebook profile. He discovered a glitch that granted him access to post to anyone’s Facebook wall, and he, of course, reported it to Facebook.
The social media company paid no mind to his report, so Khalil made the move to prove it himself. He used the loophole to post on Mark Zuckerberg’s wall. Facebook then demanded to know how he managed to find the bug but declined to pay him the bug bounty.