Google Pays Cash to Get Hacked

Many of the Web giant’s products are susceptible to attacks, and that’s why the Web giant says it will now pay up to $20,000 for anyone to find “qualifying vulnerabilities.”

In an effort to cut down on hacking, bugs, and vulnerabilities, Google offers dollar rewards for people to hack into its Web services.

The Internet giant began swapping security research for cash over the past couple of years, but today it announced that it was upping the ante.

“In just over a year, the program paid out around $460,000 to roughly 200 individuals,” Google security team members Adam Mein and Michal Zalewski wrote in a blog post. “We’re confident beyond any doubt the program has made Google users safer.”

As of today, hackers can get up to $20,000 for “qualifying vulnerabilities,” $10,000 for SQL injection and certain kinds information disclosure, authentication, and authorization bypass bugs, and around $3,000 for XSS, XSRF, and other high-impact flaws in sensitive applications.

Before now, Google’s highest payout was $3,133.70, according to Forbes.

Many Google products are susceptible to attacks that could potentially tap into users’ private information.

Take Google Wallet vulnerabilities could lead hackers to accessing users’ funds via prepaid card information, as Cnet stated.

Mein and Zalewski say higher rewards will be paid for finding flaws in services where there is higher risk to user data, such as Google Wallet.

Since the Web company launched its Vulnerability Reward Program in November 2010, it has received more than “780 qualifying vulnerability reports that span across the hundreds of Google-developed services,” according to the blog post.

The program was devised to recruit external researchers to find system bugs and flaws. Newly acquired companies and Google client applications, such as Android, Picasa, and Google Desktop, are not included in the rewards program.

 

Leave a comment