Its bug bounty program now includes rewards of up to $100 000 for finding vulnerabilities in its products.
A 20-year-old man was paid to destroy the data through a so-called "bug bounty" program, say sources.
Security experts are offered a bounty to identify Android app flaws, as the Alphabet unit seeks to wipe out bugs from its Google Play store.
HackerOne's report says open source projects featured highly in bug bounty programmes launched between January 2016 and 2017.
Through the programme, researchers will examine Kaspersky Lab's flagship products for consumers and enterprises, and evaluate the results.
The firm releases a technical map of its computer and communications systems and invites hackers to find weaknesses.