LinkedIn Bug Bounty Program Becomes Available To The Public

The Microsoft-owned social networking giant LinkedIn has stepped up to welcome further security improvements. Specifically, LinkedIn has now opened its private bug bounty program on HackerOne to the public.

LinkedIn Bug Bounty Program

In a recent post, the popular social media platform LinkedIn formally announced its bug bounty program.

LinkedIn is one of the largest social platforms known for professional networking. It currently boasts over 830 million users.

This massive user base naturally attracted cybersecurity threats. Hence, the platform kept appearing in the news for breaches, bugs, and data scraping. Nonetheless, the service continued working to strengthen its security, and it has now moved on to welcoming bug reports from everyone.

As elaborated in the post, the platform has had a bug bounty program running on HackerOne since 2014. However, it was a private, invite-only program. Now, the platform has opened it up for everyone to participate, as long as the bugs fall into the approved categories.

"Since 2014, our private bug bounty program with HackerOne, which connects businesses with cybersecurity researchers, has been a key part of our product security efforts having awarded more than $250,000 across nearly 500 submissions covering the LinkedIn member platform and mobile applications."

According to its HackerOne page, the program accepts bug reports regarding XSS, CSRF, SQL injection, server-side code execution, authentication issues, and access control vulnerabilities. Denial of service, social engineering, clickjacking, password complexity, and other similar issues that do not directly impact the LinkedIn infrastructure remain out of scope.

As for the bounties, here’s what LinkedIn offers, depending upon the bug severity.

  • Low: $100 – $250
  • Medium: $250 – $2500
  • High: $2500 – $5000
  • Critical: $5000 – $10000

So now, aspiring and professional bug bounty hunters have one more opportunity to test their skills and win bounties. Users interested in this program can visit LinkedIn’s HackerOne page for the program details and participation guidelines.
