Spotify Has Paid Out Over $142K To Helpful Hackers – Digital Music News

Spotify has paid out over $142,000 to helpful hackers who reported vulnerabilities in its app and website. 

With over 232 million monthly active users, Spotify has a lot of data to keep safe. Its HackerOne bug bounty program page shows that Spotify has paid out over $142,000 since May 2017. Before that, external reports were handled through a security email inbox. 

Spotify accepts security reports from hackers through HackerOne. Each report is triaged and, depending on its severity, entered into Spotify's own internal bug tracker. Spotify's resolution time is now around 24 days from disclosure to fix deployment. Once the fix has shipped, the reporter is paid a bounty whose value depends on the severity of the issue. 

Severity scoring for Spotify's bug bounty uses the Common Vulnerability Scoring System (CVSS). Spotify has resolved more than 416 reports since switching to the HackerOne platform in 2017. The average bounty payout is $300, while the top bounty payouts range from $875 to $3,000. 

Spotify encourages responsible disclosure of bugs and security vulnerabilities in its platform, but it asks hackers to be respectful of its end users. On the bug bounty page, there's a list of things the company explicitly asks hackers not to do. These include:

  • Do not attack accounts belonging to an end-user.
  • Don’t run automated scans without checking first.
  • Do not test the physical security of Spotify offices.
  • Don’t test using social engineering techniques like phishing.
  • Do not perform DDoS attacks.
  • Don’t engage in trade of stolen user credentials. 

One interesting note buried in recent reporting is that Spotify says the majority of vulnerability reports relate to sites whose development was contracted out to third parties. The company is now working on a global Preferred Production Partner Program that sets security-focused standards for those partners. Spotify says the program also includes a set of expectations for how vendors respond to vulnerabilities reported through the bug bounty program. 
