Clubhouse launches bug bounty program with $3,000 on offer for critical vulnerabilities


Adam Bannister

18 November 2021 at 13:40 UTC

Updated: 18 November 2021 at 13:56 UTC

Audio-based social media platform prioritizes access control bypasses and information disclosure flaws

Clubhouse, the audio-based chatroom software, has rolled out a public bug bounty program on HackerOne.

Monetary rewards for unearthing critical flaws are pegged at $3,000, while ‘high’ severity bugs will command bounties of $1,500. Bug hunters can get $500 and $100, respectively, for valid ‘medium’ and ‘low’ severity bugs.

In a blog post published to coincide with the program’s launch, Clubhouse said: “Whereas many bug bounty applications promise excessive rewards for catastrophic-level discoveries, our strategy retains the scope broad so we will handle as many bugs as possible. To that end, if you can help us repair bugs that would trigger hurt to our neighborhood, you’ll be eligible to earn a bounty.”

Fast rise

Clubhouse users can set up or join chatrooms to discuss all manner of topics with friends or strangers using their device’s mic – as opposed to via text, emoticons and visual memes, as has otherwise been the norm on social media.

Launched in March 2020, Clubhouse enjoyed spectacular growth at the height of the coronavirus pandemic, with its cachet boosted by initially being invite-only and the likes of Tesla CEO Elon Musk and Meta CEO Mark Zuckerberg using the platform.

The app was downloaded more than 34 million times within a year of its launch, though its growth is since said to have slowed.

In scope

The Clubhouse bug bounty program has six assets in scope, including web domains clubhouse.com and joinclubhouse.com, backend API clubhouseapi.com, the Clubhouse iOS and Android applications, and the production and corporate infrastructure of Clubhouse developer, Alpha Exploration.

The company is particularly keen on hardening its applications against security flaws leading to access control bypasses, escalation of permissions, and disclosure of sensitive user information.

Its two other priorities are to bolster its infrastructure and internal “administrative tooling”.

Clubhouse is aiming to triage vulnerabilities within two business days of notification, and to pay bounties within 14 business days.

The app developer has already paid out more than $10,000 to ethical hackers within just a few days of the program’s launch, with the highest bounty at the time of writing $9,850.

“We’re excited to help support safety for a platform like Clubhouse, which is already making waves by means of the conversations they’ve prompted inside their present neighborhood,” said Michiel Prins, co-founder of HackerOne.

“Clubhouse’s public bug bounty program will provide their in-house safety workforce steady testing assist from a various pool of expertise by means of our world neighborhood of a couple of million hackers.”
