Pornhub, one of the largest porn websites in the world, has launched a bug bounty program in partnership with HackerOne. Rewards for finding flaws in the website range from $50 (approx. Rs. 3,300) to $25,000 (approx. Rs. 16,65,700). In order to qualify for the reward, security researchers have to meet a number of requirements. These include being the first to report a technical security vulnerability directly related to Pornhub’s infrastructure and send a textual description of the report along with the steps to reproduce the vulnerability. Researchers should also include attachments such as screenshots or proof of concept code. In addition, vulnerability report should be sent directly and exclusively to Pornhub.
Pornhub notes that the bug bounty program is limited to technical security vulnerabilities of Pornhub services. Activities that would “disrupt, damage or adversely affect any third-party data or account is not allowed”. Pornhub prohibits the use of Denial of Service attacks and physical attacks against its offices and data centers. In addition, social engineering the company’s service desk, employees, or contractors is also prohibited and so is compromising a user or employees account.