The Stack Archive

Pornhub offers $25,000 to expose security flaws

Wed 11 May 2016


Pornhub, the ‘premiere destination for adult entertainment’, has launched a bug bounty program. Notifying the site of a previously unknown security issue could net a user a reward ranging from $50 to $25,000, depending on the seriousness of the flaw that is exposed.

To qualify for the reward, a user must bring a brand-new security issue to the attention of site security. Testing of the site cannot result in any interruption of service, nor can one use scripted or automated testing. Hackers are required to report findings immediately, within 24 hours of discovery, and to protect any user data that is accessed through discovery of security problems.

Pornhub is ranked #3 among adult websites by SimilarWeb, with over 1 billion monthly visits over the last six months. Last October, Pornhub was hit with a malware attack that accessed the site through its advertising network. At that time, a statement from MindGeek, the site owner, said, “Providing an optimal and secure customer experience is of topmost priority for Pornhub, and our organization has taken the necessary steps to protect our customer’s enjoyment without the threat of infection.”

Corey Price, Vice President of Pornhub, said of the bounty program, “Like other major tech players have been doing as of late, we’re tapping some of the most talented security researchers as a proactive and precautionary measure – in addition to our dedicated developer and security teams — to ensure not only the security of our site but that of our users, which is paramount to us. The brand new program provides some of our developer-savvy fans a chance to earn some extra cash – upwards to $25K – and the opportunity to be included in helping to protect and enhance the site for our 60 million daily visitors.”

Pornhub joins other websites offering public bug bounty programs, including Bing, GitHub, Google, and Uber. A 2013 study of the effectiveness of bug bounty programs, also called vulnerability rewards programs (VRPs), found that they are economically efficient, whether offering fixed rewards or low-expected, high-possible payouts, like the Pornhub program. The researchers also found that crowdsourcing vulnerability studies exposed a greater diversity of security flaw types than an internal company security team did. According to hackerone.com, where the Pornhub bounty program was originally announced, 23 reports have been resolved to date.

