6 Companies That Will Pay You to Hack

by Modis on June 22, 2017

computer security hack unlockedNintendo recently offered a handsome reward to hackers that can find Switch security flaws. Nintendo wants to find security holes before anyone else. This way, the company can prevent pirated copies of Switch games. This is not the first time that Nintendo has offered a hacking reward – the company did so previously with the Nintendo 3DS.

Nintendo uses the Hacker One website to obtain software security information and to pay hackers. The San Francisco-based platform has a roster of more than 800 corporate clients. Many of those clients have paid out thousands to hackers. The site is used by a plethora of companies, including Yahoo, Adobe, Twitter, Dropbox, Nintendo, and others.

Here’s a list of companies paying top-dollar to skilled hackers.

  1. Nintendo. As mentioned above, Nintendo is serious when it comes to securing software. Pirated games means less money for the company, so dropping thousands on hackers that can find security flaws before games are ripped pays off.
  2. Uber. Uber can’t stand any more bad press. Keeping client and driver information secure is a top concern. The company will pay up to $10,000 for any code vulnerabilities.
  3. Tesla. A team of Chinese researchers managed to take control of an automated Tesla last September. Since then, Tesla’s eccentric CEO, Elon Musk, has hired some of the best hackers available. But if you can find a security flaw written into Tesla’s code, you can stand to gain thousands from alerting Musk and company.
  4. Google. Google paid $3 million to hackers in 2016. The company still makes decent sized payments to anyone that finds a flaw not discovered by Google’s internal security team.
  5. Microsoft. At present, the company is paying up to $15,000 to uncover Office 2016 vulnerabilities.
  6. Dropbox. In 2015, Dropbox paid hackers – instead of punishing them – for finding major security flaws. Now, the company makes regular payments to anyone that uncovers major holes.

Submitting a Security Flaw Report

The bug submission competition is tough. Companies want a complete report in exchange for top dollars. It’s best to take a screenshot, detail (bullet points work) how you discovered the flaw, exactly, and proof that you can replicate the hack (include dates and times).

Providing the most detailed blueprint possible is the best way to get paid. You also have to uncover a flaw that hasn’t already been noted.

A Word of Caution

Many companies pay hackers to find flaws. That said, some companies do not want hackers poking around in code. It is best to only submit vulnerabilities to companies that have a bounty program set up (like HackerOne).

Otherwise, you could be looking at criminal charges; in the past, companies such as Sony and AT&T have publicly prosecuted hackers who uncovered security flaws. Here are some known bounty programs that you can legally submit flaws through.

Some additional companies have set up “bug bounty” rewards programs too. A quick Internet search will let you know which companies welcome (and pay for) security flaw information and which ones don’t.

Lucrative or Not?

You have to find a major security flaw to get big bucks. That said, hacking for fun can be a good way to earn a few dollars on the side. The goal of becoming a “bug bounty hunter” isn’t to make millions, it’s to help secure popular programs and platforms.

Companies that work toward this goal often make it worth your time and effort – not to mention the warm fuzzy feeling you’ll get from reporting a flaw that could cripple the connected world.

Leave a Comment

Previous post:

Next post:

Modis