When the same vulnerability has been previously reported, you should mark it as Duplicate, which then provides two options:
1) Add the second hacker as an external participant on the original report, which means the second hacker will be able to view the contents of the original report. This applies for any subsequent hackers (3rd, 4th, etc) which you add to the original report.
2) Let the second hacker know it's a duplicate, and list the original report # (e.g. report #12345) without adding them as an external participant on the original report.
It's up to your team to determine if you are comfortable with sharing the original report content, but we do recommend at least tying the second report to the number of the original report to provide accountability and Reputation gain/loss.