Hackerone report duplicate of a later submitted report
Hello guys, I reported a vulnerability on hackerone and the triager said someone reported the exact same vulnerability on the exact same endpoint with the exact same exploit 24 hours before my report and closed it as duplicate and also gave the report ID of the original report, but the report ID of the original report is greater than the report ID of my report. That means my report is a duplicate of a report submitted after my report right? How is that possible? Also I have known about this vulnerability for over a year and reported it very recently, how is it possible that someone decided to report it exactly 24 hours before I report it when the vulnerability has existed for over a year? It seems like the triager could be lying. What can I do in this situation?
EDIT: I commented "Hello team, I noticed this report was closed as a duplicate of report #(redacted) and the report ID of my report is #(redacted). Since HackerOne uses sequential report IDs, a higher ID indicates that report was submitted after mine. Could you please check the timestamps to verify who submitted first? Additionally, would you mind using the 'Add hacker name to the original report' feature so I can follow the progress of the original submission? Thank you!", I think the triagers panicked and did something strange. Another traiger copy pasted their previous message and said my report is duplicate of report and gave a completely different report ID. when I checked in the side bar UI, I can see this report they mentioned now was reported in January 2, 2023 and closed as informative. So basically now they have said my report is a duplicate of a report submitted 3 and a half years ago which was closed as informative, WTF. They also said. "At this time, we cannot add you to the original report as the report may contain additional information that we cannot share with you. This may include personal information or additional vulnerability information that shouldn't be exposed to other users. Thank you for your understanding.
Have a great day ahead!
Best regards," . Seems like they just want the security researcher to just accept anything they say and to keep quiet.