LinkedIn recently announced the launch of a public LinkedIn bug bounty program to replace the invite-only program that had been in place since 2014. The HackerOne-hosted program lets hackers test the primary web domain, LinkedIn.com, as well as the LinkedIn API and the Android and iOS mobile applications, for security issues.
Under the LinkedIn Bug Bounty Program, hackers who discover critical security vulnerabilities on the business-oriented social networking site will be rewarded between $5,000 and $15,000, while high-severity flaws will be rewarded between $2,500 and $5,000, and medium-severity issues between $250 and $2,500.
“Our security team strives to provide a safe and secure experience for our 830 million members and customers by quickly addressing security vulnerabilities, constantly improving our defenses, and safeguarding our product development process. Because of the program’s success, we have decided to make the program public and expand participation to anyone wanting to report potential security vulnerabilities,” said LinkedIn in a blog post.
What does the LinkedIn Bug Bounty Program include?
Implementation and design issues that have a significant effect on LinkedIn customers' data or infrastructure, such as cross-site scripting (XSS), access control, authentication, cross-site request forgery (CSRF), SQL injection, and server-side code execution flaws, are in scope on the Microsoft-owned platform.
Since its inception, the private program has awarded approximately $250,000 to nearly 500 submissions spanning the LinkedIn user platform and mobile apps.
It is also worth noting that in 2021 LinkedIn, which connects users with job opportunities, was the source of two massive data leaks, affecting 500 million and 700 million users respectively; however, both were traced to the scraping of public web pages rather than to cyber-attacks.
Interested readers can find more details about the LinkedIn Bug Bounty Program here.