Need some extra money? Become a bug bounty hunter for Twitter

The bounty hunters of today aren’t roaming the Wild West with a rifle and a pair of handcuffs — rather, they’re denizens of the online world, hunting for bugs. And boy, are they getting paid.

In a recently released report from Twitter, the social media company revealed that over the last two years, bug bounty hunters have been paid over $300,000 in rewards for finding “threats and attacks against [Twitter’s] users and systems.” After all, keeping a vast internet company up and running and safe from malicious parties is a collaborative, and sometimes for-hire, effort.

As Twitter admitted Friday, the Silicon Valley firm has another line of defense that works alongside its “dedicated account-, network-, enterprise-, corporate-, and application-security teams.” Thanks to its bug bounty program, Twitter has tapped into a vast network of security researchers who help alert the firm to any vulnerabilities they find so that the company can fix them before others can exploit them.

The program has been a critical component of Twitter’s defenses since May 2014, and the company calls it “an invaluable resource for finding and fixing security vulnerabilities ranging from the mundane to severe.”

Over the last 24 months, Twitter has received 5,171 submissions from 1,662 researchers, and the company has paid a total of $322,420 to researchers. The average payout is a not-so-shabby $835, and the highest payout to date has been an impressive $12,040. Why the odd amounts? Because it’s Twitter, and everything is in a multiple of $140 (yes, that means that its minimum payment is also $140).

In fact, so lucrative is Twitter’s bug bounty program that you could practically make a living off of reporting vulnerabilities alone. In 2015, the company says, a single researcher made over $54,000 — that either speaks to the researcher’s prowess … or the multiplicity of Twitter’s security issues.

And if you’re really looking for a big payout, try to find a remote code execution vulnerability — Twitter pays $15,000 a pop for one of those. But they’ve yet to receive such a report.

“We’re thankful to all the security researchers who have worked hard to find and report vulnerabilities in Twitter, and we look forward to continuing our good faith relationship in 2016 and beyond,” the company concludes. And of course, if you want to turn your bug bounty hunting skills into a real job, Twitter also notes that it’s hiring on its security team.

Lulu Chang