Today, September 9, Nubank launches the Bug Bounty program with HackerOne, the largest community of security researchers in the world.
The program is led by our Infosec (Information Security) area, and offers financial rewards for Brazilian researchers who find vulnerabilities in our systems.
Nubank goes to great lengths to make our customers’ experience as smooth as possible, constantly improving our internal security tools. Therefore, relying on the contribution of the security researcher community is another way we found to protect our systems.
See below what a Bug Bounty program is and how our partnership with HackerOne will work.
Bug Bounty? What does that mean?
Bug Bounty is a rewards program for those who report issues related to possible vulnerabilities in an organization’s system.
The initiative aims to detect potential loopholes before they materialize as a cybersecurity issue. The researcher performs a code security analysis, identifies the bug, reports it to the HackerOne platform, and, in return, receives a financial reward – or bug bounty. Then, it’s up to the company (in this case, Nubank) to fix the bugs mapped in the app.
This is a safe practice, and hundreds of renowned institutions are already using it as a strategy to increase the protection of their websites and applications.
How will the Bug Bounty program work?
Nubank invited the highest-rated Brazilian researchers on HackerOne to look for bugs and any vulnerabilities in our app. The idea is to protect our system with an extra layer and keep our customers safer.
HackerOne is the world’s largest ethical hacker platform. It unites security researchers with companies committed to protecting their systems.
Nubank now has a page on the platform, where these guest researchers will be able to report the technical details of possible bugs found in our app and receive a cash reward.
It is up to HackerOne to mediate the relationship between the researchers and Nubank, evaluating the reports and excluding those that are considered inconsistent. The platform also performs vulnerability tests based on the details provided by the ethical hackers.
After this entire process on the platform, Nubank validates the information sent by HackerOne, fixes the mapped bug, and releases the payment to the researcher who found it.