Are you a virtual bounty hunter on the lookout for some online bugs that affect websites? If you answered yes, then you will be pleased to learn that consumer review website Yelp will offer you up to $15,000 as a bug bounty.
Yelp kicked off its bug bounty program on Tuesday, Sept. 6. The program is in coordination with HackerOne, the bug bounty platform, and invites "nice hackers" to check out Yelp's mobile app and websites for possible vulnerabilities that may affect businesses and reviewers alike.
The bug bounty program from Yelp on HackerOne is essentially a public expansion of the system the site has run covertly for the past two years. The private program was open only to select researchers, who exposed more than 100 vulnerabilities. These researchers' primary focus was Yelp's website and they earned $65,160 in total for finding bugs.
Now, thanks to Yelp's public expansion of the bug bounty program, everyone will be able to test Yelp's products and sites. The notion behind inviting everyone is to find all possible vulnerabilities that exist.
"It's a big world and we believe that working with skilled security researchers from all corners is the key to identifying the weaknesses in any technology. If you think you have found a security issue in our product, it could be your lucky day. Let us know via our bug bounty program on HackerOne and we'll work with you to fix it," notes Yelp.
Yelp's main area of concern is the Yelp reviews, which can make or break a business. The site wants hackers to bring to its notice exploits that may, for example, enable the alteration of a review. Yelp also wants to ensure that private data such as a user's payment details, personal information and email addresses remains secure.
It is also looking to protect the privacy of business owners and asks bounty hunters to check for issues that may allow one to maliciously mimic an owner, which may include employees who could potentially have access to the business account of the company.
So What's The Payout?
Yelp will be offering a minimum payout of $100 for every report the site accepts. Ethical hackers stand to gain a maximum of $15,000 as a reward for uncovering and reporting critical and complex flaws that could potentially wreak havoc.
What Does The Program Cover?
The bug bounty program not only covers Yelp's main page, but also the websites of a business owner, reservation portals, company/engineering blogs, apps, support centers, as well as Yelp's API.
Eat24, the food delivery service from Yelp, is not covered as it likely stores customers' credit card details.
How To Get Bug Hunting
Yelp has mapped the program to enable hackers to get started. It highlights certain key areas that could be vulnerable. Check out the bug bounty map at this link.
The San Francisco-based company requests that hackers be nice to them and "hold off on actually breaking anything" while testing.