Pornhub is offering up to $25,000 to individuals who can hack its website. The porn site publicly invited hackers to attack its website with the objective of revealing any security issues in its system, in exchange for cash.
The Bug Bounty Program
Hackers who successfully compromise the system may be paid anywhere between $50 and $25,000, depending on the severity of the discovered bug. The recent bug bounty program follows the private beta version that launched in 2015, which revealed several issues that were successfully fixed.
"Like other major tech players have been doing as of late, we're tapping some of the most talented security researchers as a proactive and precautionary measure – in addition to our dedicated developer and security teams – to ensure not only the security of our site but that of our users, which is paramount to us," Core Price, vice president of Pornhub, stated in a press release.
How to Report the Bug
CNBC reported that interested individuals, known as “white hat hackers” or good hackers, should initially report the vulnerability. They should clearly describe the issue and indicate how to reproduce the vulnerability.
The bug should be exclusively shared to Pornhub with proof of concept code or screenshots. After Pornhub receives the information and affirms that it poses a threat to their system, payment will be made to the hacker through HackerOne, a service that lets companies host their own bug bounty programs.
Pornhub also provided guidelines on the bug bounty program, which include prohibiting individuals from executing denial of service attacks that can lead to issues on the website and overload a server. Physical attacks against data centers and offices are also prohibited.
Rules and Rewards
Hackers should abide by the stipulated rules of hacking to avail of the monetary rewards. The Pornhub security team will respond to the report within 30 days. A fix will be implemented within 90s days depending on the severity of the issue.
Esquire noted that several other online sites have also hired hackers to reveal issues and vulnerabilities in exchange for cash. Some of the companies that used bug bounty programs include Yahoo, Facebook, Microsoft, Uber and Google.
Similar to Pornhub’s offer, the amount will depend on the severity of the bug found. In 2016, Uber offered hackers up to $10,000, while Google offered up to $20,000.
Recently, Google upped its award for Chromebook to $100,000. Google is among the top companies that hire hackers regularly.