White-hat hackers, pay attention. Review site Yelp has publicly announced a bug bounty program with a top payout of up to $15,000 for security researchers.
Yelp has launched a public bug bounty program, encouraging hackers around the world to find bugs and vulnerabilities within its website and mobile applications. For their work, researchers will get a guaranteed minimum payout of $100 for every accepted report.
That scales up, however: a critical flaw that poses a more substantial threat to Yelp can earn a researcher a maximum of $15,000.
In partnership with bug bounty platform HackerOne, Yelp is opening its previously private bug bounty program to the public. In the past, over 100 vulnerabilities were discovered by researchers privately. The review site had previously paid out over $65,000 in rewards for the uncovered vulnerabilities.
A webpage dedicated to the bug bounty program by Yelp is now available on the platform, with updates on payouts and more.
The existing security team at Yelp adds that it is “committed to working with security experts from all over the world”, insisting that it is ready to work with hackers who find security issues with any part of Yelp’s entire platform.
Furthermore, the review site is pleading with hackers to play within the guidelines of the bug bounty program. “Please be nice to us,” Yelp stated, fully aware of the caliber of talent it is attracting from around the world.
“We want you to bring out your bug guns, but hold off on actually breaking anything. Please avoid DDoS’ing us or breaking our services while you’re testing.”
Yelp averages over 70 million unique visitors at its desktop site, with another 63 million unique visitors on its mobile application. The bug bounty program covers the main website as well as its business-owners domain, the reservation platform, apps, corporate blogs, support center, APIs and more.
White hat hackers who are up for the challenge can find additional details on the bug bounty program's page.