“Maintaining top-notch security online is a community effort, and we’re lucky to have a vibrant group of independent security researchers who volunteer their time to help us spot potential issues. To recognize their efforts and the important role they play in keeping Twitter safe for everyone we offer a bounty for reporting certain qualifying security vulnerabilities,” says Twitter through HackerOne.
The announced reward is a minimum of $140 USD, given for qualifying vulnerabilities reported by eligible hackers. However, no maximum reward has been announced. The reward amount may vary depending on the severity of the bug reported.
As this is not a competition, there is no limit to the number of rewards to be given. Each qualifying vulnerability will be rewarded, and this will continue for as long as the program is active.
Eligible Applications:
Twitter only rewards security research and vulnerability reporting on the following applications:
- *.twitter.com
- Twitter for Android
- Twitter for iOS
How to Report a Vulnerability?
There is only one way to report a vulnerability and get the monetary reward: through HackerOne’s reporting tool, which can be found at HackerOne.com/twitter. You will have to create an account on HackerOne.com in order to report a vulnerability.
It is not advised to report personal hacked-account issues like unintended tweets, abuse, harassment, spam or phishing. Twitter provides support information regarding those issues separately.
Qualifying Vulnerabilities
Designs and implementations that substantially affect the security of Twitter are eligible vulnerabilities. Some examples are:
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Remote Code Execution (RCE)
- Unauthorized Access to Protected Tweets
- Unauthorized Access to DMs
Non-Qualifying Vulnerabilities
Not all bugs are considered under Twitter’s monetary reward category. The severity and impact of the vulnerability are the measures used in rewarding a bug report. However, as mentioned before, all vulnerability reporters will be featured in the Hall of Fame.
Unleash the hacker in you, and earn a reward and the Hall of Fame honor from Twitter.