Hyatt Hotels has launched a new public bug bounty program seeking vulnerability reports that’ll identify and squash issues before they arise. The new program comes amid Marriott’s ongoing investigation into a major hack that exposed customer data, including passport numbers. Hyatt has previously faced its own security breaches, including the presence of malware on its payment system, which was disclosed in 2015.
An increasing number of large corporations have fallen victim to payment system malware and database breaches, the result often being the same: users/customers are left exposed and their personal information is potentially compromised by data thieves. In the most recent major breach, Marriott revealed that more than 300 million customers were impacted by a recent security breach.
The bug bounty program, which is live now on HackerOne, seeks ethical hackers who will discover and report vulnerabilities related to Hyatt’s network. The company has invited security experts to test both its mobile apps and its websites.
Hyatt claims it is the first company in the hospitality industry to utilize the “collaborative efforts” of a bug bounty program open to the public. The company requires researchers to submit their vulnerability reports through the HackerOne platform according to its submission requirements, also paying mind not to violate Hyatt’s rules.
Vulnerabilities related to social engineering aren’t acceptable, and the company also requires security researchers to only mess with their own account or ones they have permission to test, among other things. Applicable, original, and appropriate reports will be awarded cash based on how critical Hyatt considers them. Low-tier reports will earn researchers $300, while medium reports are worth $600, high reports are $1,200, and critical reports are $4,000.