Announcing New Bug Bounty Bonuses!

Lindsey Glovin, Senior Security Analyst, Product Security

Hello Hackers!

Since our program launched nearly three years ago, we’ve seen a ton of unique exploits and impressive hacks. Some of our favorites can be found here and here.

Today, we’re announcing new bonuses for reports submitted during the months of April and May 2019. Specifically, for all high or critical severity reports, we’ll award a $1000 bonus for each separate bug used in a chain of vulnerabilities.

Here’s how it works:

• Each bug MUST be required in the chain to qualify for the bonus
• Extra bugs included in the report that are not required to exploit the vulnerability do not count toward bonus.
• If the overall vulnerability does not meet High or Critical severity, it will receive a normal bounty [does not qualify for this promotion].

To top it off, we’ve got some extra bonuses for reports you submit in April and May:

• Report with the longest chain: + $5000
• Most impactful report: + $5000
• Most unique exploit: + $2500

All bounties will be paid normally in April and May regardless of whether or not they qualify for this promotion. We will award bonuses for all qualifying reports and determine extra bonus winners by June 14th.

We can’t wait to see what you come up with. Happy Hacking!