Hello Hackers,
🎺 As you may have heard, we partnered with NahamCon 2024 this year offering $50,000 in bonuses for the rest of the month of May 🥳!
In addition to the bonus table below, there is a scholarship program for one lucky hacker who submits a valid bug to our program during this time where NahamCon will pay for your entire trip to DEFCON in LAS VEGAS ✈!
Make sure to tag your submissions with "[NahamCon2024]” in the title so we know to consider you for any of the bonuses below.
Bonus Name | Bonus Amount | # of bonuses | Notes |
---|---|---|---|
Critical Thinker | $10,000 | 1 | First valid Critical severity report |
Aim High | $5,000 | 2 | First 2 valid High severity reports |
Medium Submissions | $500 | 10 | First 10 valid Medium severity reports |
Newcomer | $500 | 10 | First 10 "new to Yahoo" hackers' first valid report |
Re-igniter | $500 | 5 | First 5 "back to Yahoo" hackers' first valid reports |
Yahoo Mail | $2,500 | 1 | First valid medium or higher severity report on Yahoo Mail |
Yahoo Finance | $2,500 | 1 | First valid medium or higher severity report on Yahoo Finance |
Mobile App | $2,500 | 1 | First valid medium or higher severity report related to any Yahoo Mobile apps |
Submission Multiplier | $1,000 | 5 | First 5 hackers to report 5 valid submissions |
Submission Multiplier | $2,500 | 2 | First 2 hackers to report 5 or more valid High & Crits |
Re: Submission Multiplier Bonuses - We do encourage hackers to collaborate, but the credit for the report is counted only towards the reporters
To get in on more of the fun and updates, check out NahamSec's Discord
Hey Hackers!!
💸 100% Bonus. 💸 Bam. Yeah, we said it. It’s March Madness and apparently, we’ve gone crazy enough to double the base pay on any medium or higher severy reports on some of the top Yahoo properties through the end of March! We’ve got a $100k bonus pool up for grabs. Will you score a win?
Targets in Scope: Yahoo Search, Yahoo Finance, Yahoo Mail, Yahoo Homepages, Yahoo Games, AOL Homepages, Membership and Yahoo News
Start Date: 3/18/2024 11 AM ET
End Date: 3/31/2024 11:59 PM ET
Happy hacking!
The Yahoo Bug Bounty Team
Hey there, fellow hackers!
We've got some exciting news to share with you. Yahoo Finance has just rolled out a new design and many cool features. They've focused on making it simple and functional so you can get the information you need quickly and easily. Check it out and let us know what you think!
We're offering a special bonus for all valid reports you submit to celebrate this milestone.
You'll earn a 50% bonus on valid reports related to Yahoo Finance assets from now until the end of the year. And if you submit a valid report on other assets, you'll earn a 10% bonus!
We're always looking for ways to improve our program and make it more effective, so if you have any feedback or suggestions, please don't hesitate to let us know. We're committed to working with you to create a safer digital world for everyone.
Happy hacking!
The Yahoo Bug Bounty Team
If you are a CTF player or know someone who enjoys CTFs and plans to participate in GlacierCTF 2023, this is big news!!
You can become eligible to win upto $15,000. Wondering how?
- Submit a valid vulnerability to Yahoo's program on Intigriti between now and November 23, 2023
- Make sure to include your team name in the report
- Once accepted, you immediately qualify for the CTF Bonus
- If you win the CTF and are eligible, we'll pay the bonus to the report
More details here
Happy hunting!!
Cheers,
The Yahoo Bug Bounty Team
Hey hackers!
Thanks for sharing some candid feedback to our initial survey. We agree Yahoo's scope is vast and its not easy to pick a product to focus your research on. So to help you choose an area to focus on, we have these special promotions focusing on whats important to us.
- First 3 valid reports of XSS (all types) on any of the following properties, will receive 200% bonus (
Yahoo Mail
,Yahoo Calendar
,Yahoo Search
) - First 3 valid reports of IDOR on any
TW property
in scope, will receive 100% bonus - First valid report of SSRF (Full content, semi-blind) on any
*.yahoo.com
or*.aol.com
domains in scope, will receive 100% bonus
Happy hunting!!
Cheers,
The Yahoo Bug Bounty Team
Notes:
- These bonuses cannot be combined with the other bonus (25% bonus for medium or higher severity reports), which is still active.
- Bonus does not apply to
out of scope
products and domains
Hey awesome hackers!
The Yahoo Bug Bounty team wants to let you know how much we appreciate you participating in this private version of our Bug Bounty program! To show that appreciation, for all medium or higher severity reports you will receive a 25% bonus on top of the regular bounty! This bonus comes from a bounty pool of 50K so resources are limited, and it only lasts through the private program. First reported, first served!
As this is a private program, we also ask that you please avoid sharing the program or your participation on social media and other public platforms for now. Maintaining the element of surprise is crucial until we are ready to launch this program publicly on Intigriti!
If you have any questions or need assistance, don't hesitate to contact our Bug Bounty Program team through Intigriti's “Ask scope question” feature. We're here to help!
Once again, thanks a million for being part of our Bug Bounty Program. We're thrilled to have you on board and can't wait to see what incredible vulnerabilities you uncover!
Cheers,
The Yahoo Bug Bounty team