Pornhub Launches Bug Bounty Programme For Security Researchers

Pornhub, one of the world’s biggest adult sites, is launching a bug bounty program for security researchers and pornography enthusiasts who are able to identify flaws on its platform.

Hunters will be paid a minimum of $50 (£34.53) for each vulnerability discovered, with up to $25,000 (£17,263) on offer for particularly vicious flaws, although the site notes that 23 reports have already been resolved.

Targeted

Successful applicants to the scheme will need to be the first person to responsibly disclose an unknown issue, which the Pornhub security team has 30 days to respond to, and up to 90 days to implement a fix base on the severity of the report.

However there are some restrictions, such as users not being allowed to carry out Denial of Service (DDoS) attacks on Pornhub, or even carry out physical attacks on the company’s offices or data centres.

Social engineering tactics are also not allowed, such as phishing attacks against Pornhub employees, and researchers are not allowed to compromise user accounts.

“Security is a top priority at Pornhub,” the company said. “We strive to work with skilled security researchers to improve the security of our service. If you believe you’ve found a security bug in the services listed in our scope, we will be happy to work with you to resolve the issue promptly and ensure you are fairly rewarded for your discovery.”

Due to their louche nature, adult sites have proved attractive propositions to cyber-criminals in the past.

Last December, leading sites including PornHub, YouPorn and Xhamster were revealed as victims of a wide-ranging malvertising attack which left their users at risk of being exposed to malware.

The sites were also targeted back in September by attacks which infiltrated the advertising networks that serve up ads for popular online destinations.

What do you know about Internet security? Find out with our quiz!