ExpressVPN’s bug bounty program has been revamped to make it more appealing to ethical hackers. The corporation is now offering a $100,000 one-time reward to anyone who can penetrate its systems.
ExpressVPN, one of the most popular Virtual Private Network (VPN) solutions, provides customers with online surfing privacy and the ability to circumvent geo-restrictions.
A VPN provides privacy by routing the user's internet traffic through encrypted tunnels, while the user's true IP address is hidden behind the one assigned by the VPN provider. Compromising such a system may jeopardize the user's privacy.
ExpressVPN has announced the creation of a bug bounty program, which will allow security auditors and researchers to disclose serious vulnerabilities in the company’s infrastructure and get a monetary reward in exchange, according to TrustedServer.
TrustedServer is a custom-built operating system based on Debian Linux that includes proprietary security features that make it appropriate for use in a VPN infrastructure.
According to an email obtained by BleepingComputer, the business stated:
This is the highest single bounty offered on the Bugcrowd platform and 10 times higher than the top reward previously offered by ExpressVPN.
The one-time bounty has the following conditions:
- The first person to submit a valid vulnerability, granting unauthorized access or exposing customer data, will receive $100,000. The bonus is valid until the prize has been claimed.
- The bounty is only valid for vulnerabilities in ExpressVPN’s VPN Server.
- Any activities performed should remain within the scope of the TrustedServer platform. To confirm if your testing lies within the scope, you can reach out to [email protected] for confirmation.
ExpressVPN has also asked security experts to investigate potential methods of leaking clients’ actual IP addresses and monitoring user activity.