Clubhouse, the audio-only social media app has recently received some new features like Replays, download audio creators, and more. Apart from that, Clubhouse bug bounty program has also been launched at HackerOne platform.
Clubhouse is an audio-based social media app that was launched in March 2020. It’s a new form of voice-based social product that lets individuals all around the world communicate, share experiences, develop ideas, build connections, and meet interesting new people. Due to the coronavirus outbreak, Clubhouse’s cachet was bolstered by the fact that it was initially invite-only and that it was used by Tesla CEO Elon Musk and Meta CEO Mark Zuckerberg.
In a blog post published to coincide with the program’s launch, Clubhouse said: “While many bug bounty programs promise high rewards for catastrophic-level discoveries, Clubhouse Bug Bounty Program keeps the scope broad so we can address as many bugs as possible. To that end, if you can help us fix bugs that could cause harm to our community, you’ll be eligible to earn a bounty.”
Clubhouse Bug Bounty Program
The web domains clubhouse.com and joinclubhouse.com, the backend API clubhouseapi.com, the Clubhouse iOS, and Android apps, and the production and corporate infrastructure of Clubhouse developer Alpha Exploration are all covered by the Clubhouse bug bounty program. The organization is especially concerned with protecting its applications against security problems that could lead to access control bypasses, permission escalation, and the disclosure of sensitive user data. Its two other goals are to improve its infrastructure and internal “administrative tooling”.
“Clubhouse’s public bug bounty program will offer their in-house security team continuous testing support from a diverse pool of talent through our global community of more than 1 million hackers. We look forward to seeing the program’s results and how insights from the program will shape Clubhouse’s overall cybersecurity strategy,” said Michiel Prins, Co-Founder at HackerOne.
Clubhouse Bug Bounty Program rewards will be in the range of $100 to $3000. Critical defects will be rewarded with $3,000, while ‘high’ severity problems will be rewarded with $1,500 in cash. Valid ‘medium’ and ‘low’ severity bugs might earn bug hunters $500 and $100, respectively. Clubhouse intends to triage vulnerabilities within two business days of being informed and payout rewards within 14 days. Within a few days of the program’s inception, the app developer had already paid out more than $10,000 to ethical hackers.
For this program, Clubhouse has teamed with Hackerone, which also includes a Safe Harbor Clause that protects the security researchers from legal ramifications. Hackers who are interested in Clubhouse Bug Bounty Program can sign up on the HackerOne website.