Vinted/Vinted - Bug Bounty Program/Detail
Detail Updates Leaderboard
sort by
Last published
Descoped VintedPay
2/19/2026, 8:49:58 AM (about 1 hour ago)

Apologies researchers, due to some issue we are temporaly removing vintedpay from scope. Will share an update as soon as it is back.

Scope expansion!
2/19/2026, 7:47:04 AM (about 2 hours ago)

Hi researchers, I have a small update ☺️

We’ve expanded our bug bounty scope and added a new in-scope asset: vintedpay.com. You can now start testing our payments web application, in addition to the existing marketplace targets.

Please review the updated scope and rules before testing, and continue to report findings through the usual program channel with clear reproduction steps and impact.

Thanks for helping us keep our systems secure.

Happy New Year, researchers! 🎉🥳
1/6/2026, 1:47:33 PM (about 1 month ago)

New year, new rules—same curiosity, slightly bigger bounty energy 😄

We’ve got a few important updates to share:

1) Vinted.com moved to Tier 1 🚀💰
That’s right—Vinted is now Tier 1, which means increased bounties for qualifying vulnerabilities. If you’ve been saving something spicy for “later”… consider this your sign 👀🔥

2) Introducing a new Tier for Scam reports 🕵️‍♀️🎭
We’ve added a dedicated Scam Tier, and we’re very welcoming new submissions about scams targeting our users/brand (phishing, fake domains, impersonation, fraudulent apps, etc.). If it’s valid and actionable, we pay for it ✅💸

3) Heads up: Tier list + In-Scope table updated 🧾🔄
Please double-check our Tier list and the In-Scope table before testing/submitting—there have been changes, and we’d hate for you to spend time on something that’s no longer in scope 🙏😅

As always: clear repro steps, solid evidence, and a tidy write-up make everyone’s life easier ✍️✅

Thanks for helping us start the year stronger—happy hunting! 🧑‍💻🎯✨

We are going Registered & Thank You for Your Contributions 🥳
8/5/2024, 10:10:57 AM (over 1 year ago)

We are thrilled to announce that Vinted has transitioned to a registered 👾 BugBounty program! This move enables us to invite more security researchers like you to test our platform, identify vulnerabilities, and contribute to our ongoing commitment to robust security🔒.

We would also like to extend our heartfelt thanks 🙏 to each of you who have already participated. Your dedication and expertise have been instrumental in helping us enhance the security of the Vinted platform. We greatly appreciate your adherence to our guidelines and your collaborative spirit.

As we expand this program, we encourage all participants to adhere to the established rules and guidelines. This approach ensures a constructive and respectful engagement for everyone involved.

Your valuable contributions are crucial in maintaining the integrity and safety of our platform. We look forward to the insights and expertise you will bring.

Thank you once again for your ongoing support and efforts. 💚

🚀 Dive into the App-tastic Adventure of Tier 1 Bug Bounties!
11/28/2023, 7:51:42 AM (about 2 years ago)

Hey Awesome Hackers,

Hope you're doing as fab as ever! Big news on the Vinted's Bug Bounty front – we've just unleashed Tier 1, and it's all about diving deep into the wacky world of iOS and Android app security. 🕵️‍♂️📲

What's Cookin' in Tier 1:

  • Mobile Mayhem: We're throwing the spotlight on our app security, and we want you to be the superhero who unravels its secrets. iOS and Android, we're looking at you!
  • Bounties That'll Make You Dance: We've juiced up the bounties for Tier 1. Find a bug, report it, and get ready to do your happy dance. 💃💰

Your ninja skills in uncovering digital mysteries make you the true MVP. Thanks for being our cybersecurity rockstars!

Quick update with some good news!
9/18/2023, 7:53:37 AM (over 2 years ago)
9/18/2023, 7:54:17 AM

Hello researchers!

Hope you having fun while making us stand on the toes to keep up with you!

We just added new endpoint for you to tackle *.vintedgo.com and wanted to remind that we still have affiliate program with bonuses on subbmitions that we just increased to 100€ :)

A reminder from last update:
Hello Researchers,

Kudos on the fantastic work you've been delivering! Your contributions are incredibly valuable, and I want to extend my heartfelt thanks for your efforts. Your submissions continue to impress, and I'm truly grateful.

Now, let's talk about an exciting opportunity ahead. We're gearing up to reintroduce affiliate links to our members, and your insights are crucial. We're concerned about potential misuse, and we're seeking your expertise to ensure a secure launch.

Here's the scoop:

Affiliate functionality will be active from 10:00 AM to 5:00 PM (EEST) each Tuesday, Wednesday, Thursday.
It'll only work on enabled accounts. Kindly let us know which testing accounts you'll use. (Accounts created from affiliate links will have this feature enabled by default.)
Feature will work only on www.vinted.at
To show our gratitude, we're offering a +50 EUR bonus for each accepted vulnerability/logic error with a fix suggestion.
Your involvement would mean the world to us. Your expertise can help us overcome this challenge together. Share your interest and testing accounts with us.
Thanks again for your dedication. Let's ace this together!

Contact for accounts: security@vinted.com

Affiliate program
8/28/2023, 6:38:22 AM (over 2 years ago)
8/29/2023, 8:58:47 AM

Hello Researchers,

Kudos on the fantastic work you've been delivering! Your contributions are incredibly valuable, and I want to extend my heartfelt thanks for your efforts. Your submissions continue to impress, and I'm truly grateful.

Now, let's talk about an exciting opportunity ahead. We're gearing up to reintroduce affiliate links to our members, and your insights are crucial. We're concerned about potential misuse, and we're seeking your expertise to ensure a secure launch.

Here's the scoop:

  • Affiliate functionality will be active from 10:00 AM to 5:00 PM (EEST) each Tuesday, Wednesday, Thursday.
  • It'll only work on enabled accounts. Kindly let us know which testing accounts you'll use. (Accounts created from affiliate links will have this feature enabled by default.)
  • Feature will work only on www.vinted.at
  • To show our gratitude, we're offering a +50 EUR bonus for each accepted vulnerability/logic error with a fix suggestion.

Your involvement would mean the world to us. Your expertise can help us overcome this challenge together. Share your interest and testing accounts with us.
Thanks again for your dedication. Let's ace this together!

Contact for accounts: security@vinted.com

Quick update
7/20/2023, 7:05:32 AM (over 2 years ago)

We really appreciate your efforts and within a few days we already received quite a few submissions, keep it up!!!

Due to some internal discussions we deprioritised the vinted.ca store and excluded it from scope until further notice.

🚀 Let the Bug Hunting Begin! 🚀
7/17/2023, 8:24:23 AM (over 2 years ago)

It's time to put your skills to the test and find those hidden flaws now that the bug bounty gates are open.
We are delighted to have you on board and are looking forward to your discoveries.
Happy hunting, good luck, and thanks for contributing to our efforts to create a more secure future!