ExpressVPN has updated its bug bounty program to make it more attractive to ethical hackers. The company is now offering a one-time $100,000 bounty to anyone who can hack its systems.
One of the most widely used Virtual Private Network (VPN) products, ExpressVPN provides users with web privacy and the ability to bypass geo-restrictions.
Privacy through a VPN is achieved by bypassing the user’s internet traffic through encryption tunnels, while the user’s actual IP address is hidden behind the one provided by the VPN service. Endangering the privacy of such a system can compromise the privacy of the user.
ExpressVPN has announced that it is launching its bug bounty program, which allows security auditors and researchers to report critical vulnerabilities in the company’s infrastructure and receive the TrustedServer monetary reward in return.
TrustedServer is a custom operating system based on Debian Linux, with proprietary security enhancements, making it ideal for use in a VPN infrastructure.
In an email shared with BleepingComputer, the company stated:
This is the highest single bounty offered on the Bugcrowd platform and 10 times higher than the highest reward previously offered by ExpressVPN.
The single premium has the following conditions:
- The first person to submit a valid vulnerability, grant unauthorized access, or disclose customer data will receive $100,000. The bonus is valid until the prize is claimed.
- The bounty is only valid for vulnerabilities in ExpressVPN’s VPN server.
- All activities performed must remain within the scope of the TrustedServer platform. To confirm if your testing is in range, please contact [email protected] for confirmation.
Security researchers have also been invited by ExpressVPN to discover possible ways to leak customers’ actual IP addresses and monitor user traffic.
The bug bounty program runs through BugCrowd and provides a safe haven for researchers attempting to breach ExpressVPN’s servers.
The post ExpressVPN offers $100,000 to anyone who can hack their servers appeared first on .