Pornhub Announces Bug Bounty Program With Reward Up To $25000

With growing number of cyber attacks, many organizations have already started focusing on security to protect their data from hackers. Companies like Facebook and Google also take this seriously and run a bug bounty program to allow security researchers finding bugs in their products and earn reward.

Now, pornography site Pornhub has also started its bug bounty program to ensure security of its platform. In this bug bounty program, it invites hackers and security researchers around the globe to find and report security vulnerabilities in its website. It will pay from $50 to $25000 depending on the impact of vulnerability.

“You will qualify for a reward if you are the first person to report an unknown issue. PornHub team will take around 30 days to respond a reported bug and up to 90 days to fix the issue. Once the issue is fixed, you will be rewarded,” company posted on its blog.

For this bug bounty program, it has partnered with hackerOne which also runs bug bounty program of companies like Yahoo, Twitter, Slack, Dropbox, Uber and General Motors.

If you are a security researcher and want to participate in this bug bounty program, you just need to visit HackerOne and start finding security vulnerabilities. You will qualify for a reward if you are the first person to report an unknown issue. PornHub team will take around 30 days to respond a reported bug and up to 90 days to fix the issue. Once the issue is fixed, you will be rewarded.

To qualify for a reward under this program, you should:

• Be the first to report a vulnerability.
• Send a clear textual description of the report along with steps to reproduce the vulnerability.
• Include attachments such as screenshots or proof of concept code as necessary.
• Disclose the vulnerability report directly and exclusively to us.

It is worth to note that company is currently focusing on serious bugs that could compromise its server and entire website. Bugs including CSRF, information disclosure, XSS via post, HTTPS related issue, missiing SPF and session timeout are out of scope.

While company has announced this bug bounty program 2 days back, we found that company was running this program on Hackerone for over 11 months. In this time period, around 23 reports have been resolved and 5 hackers won biunty from PornHub.