PayPal Thanks Hackers with $1 Million in 7 Months on HackerOne
This blog post was written and contributed by Ray Duran on behalf of the PayPal security team.
The security team for PayPal’s digital payments platform is tasked with protecting the financial and personal information of 267 million active accounts, in more than 200 markets around the world. Security has always been a top priority for our business, ingrained into the fabric of everything we do. In 2012, we launched a bug bounty program attracting hundreds of security researchers in 48 countries in the first year.
After many successful years, in 2018, we partnered with HackerOne to engage the largest community of researchers and bug hunters in the world -- instantly growing our community from approximately 2,000 researchers to over 300,000 registered. Within the first six months, we received contributions from 890 researchers from 56 countries, compared to 365 researchers from 54 countries in the prior six months.
In addition to being able to work with a broader more diverse set of researchers, HackerOne has enabled us to process bounty awards for qualifying submissions faster and get direct feedback from researchers on how to further improve our program. PayPal’s top bounty award has recently increased to as much as $30,000 for a highly challenging remote code execution (RCE) vulnerability.
As we pass the milestone of $1 million in awards on the HackerOne platform, it is much more than a dollar figure to us; it is a metric that reflects the incredible, relentless efforts of the hacker community, the impressive results they continue to produce, and the dedication of our security team to resolve these bugs quickly. We’d like to spotlight some of the top contributors to our program, including sergeym, bagipro, princechaddha, sandeep_hodkasia, k1ra, mhamed_kchikech, and Rahulr4j. Thank you for your dedication, hard work, and collaboration!
What’s to Come
We look forward to an expanding scope of the program to include PayPal’s new holdings, new campaigns, and much more. Keep an eye out for updates!
Get Involved & Get to Know Us
To learn more about our scope, payouts, and to start reporting bugs, visit our program page at https://hackerone.com/paypal.
The 8th Annual Hacker-Powered Security Report