Pornhub bug bounty program will pay hackers up to $25,000

pornhub-bug-bounty

Adult website Pornhub now has something in common with Google, Microsoft, Facebook and other titans of technology – a bug bounty program to reward ethical hackers.

Pornhub officially debuted its bug bounty program, with rewards between $50 and $25,000, on the HackerOne platform this week.

The company says the program is currently limited to vulnerabilities on its main website; “other properties and applications” are not eligible for the program at this time.

Corey Price, Pornhub vice president, said the program will help “protect and enhance the site for our 60 million daily visitors.”

To qualify for a reward, bug hunters need to obey a set of rules and restrictions, including agreeing to disclose vulnerabilities “directly and exclusively” to Pornhub – bug hunters cannot get a payout if they report the bugs “anywhere else.”

Bugs must be reported within 24 hours of discovery, and bounty hunters need to be the first to report a vulnerability to win a reward.

According to its page on HackerOne, Pornhub began rewarding bug hunters 11 months ago, and has resolved 23 bug reports since then – although the Pornhub bug bounty program was only made public on HackerOne on Tuesday, 10 May.

Pornhub is the 38th most popular website in the world and the third-ranked adult website, according to traffic ranking service SimilarWeb.

With over 1.1 billion site visitors in April 2016, Pornhub could be an attractive website for hackers looking to spread malware.

In October 2015, Pornhub was hit by a malvertising attack, along with popular porn sites YouPorn and XHamster.

As is the case with most malvertising, the malware attack did not compromise the websites, but a third-party ad network.

Protecting the security of its website and its users is “paramount to us,” Pornhub said in a press release.

Several adult and dating websites in recent months have apparently been compromised, and millions of users have had their account details offered for sale on the dark web.

Last month, a hacker on a dark web forum was offering a batch of 3.8 million email addresses and hashed passwords stolen from the porn website Naughty America, for about $300.

And 237,000 user account details including plaintext passwords from the porn site TeamSkeet were put up for sale on a dark web forum for just $400.

At those rates, hackers would be much better off staying on the straight and narrow and seeking payouts from a legitimate bug bounty program.