Express VPN has updated its bug bounty program to make it more inviting to ethical hackers. The company is now offering a one-time $100,000 bounty to whoever can hack its systems.
One of the most widely used Virtual Private Network (VPN) products, ExpressVPN offers users web browsing privacy and the ability to bypass geo-restrictions.
Privacy through a VPN is achieved by bypassing the user’s internet traffic through encryption tunnels, while the user’s actual IP address is hidden behind the one provided by the VPN service. Compromising the privacy of such a system can result in jeopardizing the privacy of the user.
Read also: Auto sector posts robust sales in seven months
Express VPN announced that it is launching the bug bounty program, allowing security auditors and researchers to report critical vulnerabilities in the company’s infrastructure and receive the monetary reward in return, Trusted Server.
TrustedServer is a custom-built OS based on Debian Linux, featuring proprietary security enhancements, making it ideal for use in a VPN infrastructure.
In an email shared to Bleeping Computer the company stated:
This is the highest single bounty offered on the Bugcrowd platform and 10 times higher than the top reward previously offered by ExpressVPN.
The one-time bounty has the following conditions:
The first person to submit a valid vulnerability, granting unauthorized access or exposing customer data, will receive $100,000. The bonus is valid until the prize has been claimed.
The bounty is only valid for vulnerabilities in Express VPN’s VPN Server.
Any activities performed should remain within the scope of the Trusted Server platform.
Security researchers have also been invited by Express VPN to uncover possible ways to leak the actual IP address of clients and monitor user traffic.