One of the most widely used VPN (virtual private networks) products, ExpressVPN has revised its bug bounty program to make it more attractive to ethical hackers. The firm is now offering a one-time $100,000 bounty to whoever can hack their servers. The VPN product, ExpressVPN offers users web browsing privacy and the capacity to bypass geo-restrictions.
ExpressVPN Announces a Prize for Anyone Who Can Hack Their Servers
Privacy via a VPN is acquired by evading the user’s internet traffic through encryption underpasses, while the user’s actual IP address is concealed behind the one supplied by the VPN service. Compromising the privacy of such a system can result in threatening the privacy of the user.
ExpressVPN declared that it is rolling out the bug bounty program, enabling security auditors and researchers to register critical vulnerabilities in the firm’s TrustedServer technology and receive the monetary reward in return for hacking their servers. TrustedServer is a custom-built OS based on Debian Linux, featuring proprietary security enhancements, making it perfect for usage in a VPN infrastructure.
Read more: Unidentified Hackers Stole Millions in Cash from Silk Bank ATMs in Lahore
This is the Highest Single Bounty Proposed on the Bugcrowd
Furthermore, this is the highest single bounty proposed on the Bugcrowd platform and 10 times higher than the top reward previously offered by ExpressVPN. The one-time bounty has the following requirements:
- The first person to present a valid vulnerability, presenting unauthorized access or disclosing customer data, will receive $100,000. The prize is valid until the prize has been claimed.
- The bounty is only valid for vulnerabilities in ExpressVPN’s VPN Server.
- Any movements performed should remain within the range of the TrustedServer platform. To verify if your testing lies within the scope, you can reach out to [email protected] for verification.
In addition to this, security researchers have likewise been invited by ExpressVPN to disclose possible ways to leak the actual IP address of customers and observe user traffic. The bug bounty program is operated through BugCrowd and offers a safe harbor for researchers who try to hack ExpressVPN’s servers.
Source: Pro Pakistani