Many big companies and vendors run bug bounty programs that encourage independent researchers to locate and disclose vulnerabilities. Pornhub has now joined them, launching a program on HackerOne’s platform that aims to protect and enhance the site for its 60 million daily visitors.
Specifics about Pornhub’s Bug Bounty Program
Pornhub’s bug bounty program will reward white hats between $50 and $25,000. For now, rewards will be given only for flaws found on its main website. However, bug hunters will have to comply with several rules and restrictions if they want to participate in the program.
One of the rules is that vulnerabilities must be disclosed directly to Pornhub. No payout will be made if the researcher has disclosed the bug anywhere else. Furthermore, vulnerabilities must be reported no later than 24 hours from the time of discovery.
Interestingly, Pornhub has been handing out payments to bug hunters for several months now, but the bounty program wasn’t made public until May 10.
Multiple adult and dating websites have been attacked, resulting in the exposure of users’ accounts on the dark web. One notable example is from last month, when a hacker offered for sale a batch of 3.8 million email addresses and hashed passwords harvested from Naughty America.
Other recent attacks on adult and dating pages include:
BeautifulPeople’s Breach
Ashley Madison’s Hack
Why Is Pornhub Joining Google and Other Big Companies in the Bug Bounty Initiatives?
Corey Price, Pornhub’s vice president, has already said that protecting their users’ privacy is paramount to them. In addition, Pornhub was already hit by a malvertising campaign back in October 2015.
Not to mention that, with its base of 1.1 billion visitors, the porn website is a very attractive target for attackers looking to spread malware.