Reddit Invites Everyone Into Its Bug Bounty Program

MakeUseOf

By Simon Batt

Published Apr 15, 2021

Fancy breaking into Reddit and earning some cash at the same time? You've come to the right place.

Image Credit: https://www.shutterstock.com/image-illustration/hacker-jacket-hood-laptop-sits-table-1764951257

Fancy yourself a dab hand at breaking into websites to get paid? Reddit has published a bug bounty that anyone can hop in on, and you can earn up to $10,000 for finding a vulnerability.

Reddit's Bug Bounty Program for Ethical Hackers

An admin called Securimancer made the announcement on the Reddit Security subreddit. Reddit already had a bug bounty program, working hand-in-hand with HackerOne to help find flaws in the website's coding. HackerOne is a fantastic tool for ethical hackers to make a living doing what they do best.

However, for three years now, the Reddit bug bounty program was private. That meant that only invited hackers could claim bounties when they found an exploit.

Now, Reddit wants to widen the scope of how people find, report, and get paid for bugs. To do this, the company has decided to open up its bug bounty program for all to try.

You can see all the details on the HackerOne Reddit page. At the time of writing, finding a low-priority exploit will net you $100. A medium-level one is $500, and a high-priority exploit will bag you $5,000. Finally, a critical-level bug will get you $10,000.

Why Is Reddit Paying Hackers to Hack Them?

It may seem odd that a website is paying people so much to break into their systems. It sounds sort of like a bank paying robbers to steal money from them.

However, the idea makes a lot more sense in practice. The only way a company can 100 percent ensure that its systems are safe from hackers is to sic hackers onto it.

Of course, the hackers that go for these bug bounties aren't like the shady, hooded, Hollywood-esque criminals you see in the movies. These people use their talents to help companies protect themselves from malicious agents, and they'll never use their skills to actually hamper the website or its users.

As such, paying hackers to find flaws in a controlled and legal manner is the best way for a company to ensure its cybersecurity is top-notch. If they didn't pay out, hackers would have to find other ways to put their skills to good use; perhaps ones that are less than legal.

Protecting Reddit From Hackers, By Hackers

The best way to test a defense is to pit the real thing against it, and ethical hackers fit the bill perfectly. Reddit now has its own public bug bounty board, so why not give it a crack if you're a dab hand at hacking?

Reddit needs to be secure, as the website sees 52 million daily visitors. However, that figure still lags behind other websites, like Twitter's 187 million.

Image Credit: Adil Graphics/Shutterstock.com