Can you hack a website?
If so, you could actually make money hacking some of the biggest companies in the world.
And you’d be doing it all legally!
Until just a few years ago, almost everyone associated the word “hacker” with people with malicious intent.
But these days a new breed of hackers known as “White Hat Hackers” is actually being compensated for hacking companies.
Companies have learned that the best defense against bad hackers is to hire good hackers to find vulnerabilities in the system before the criminals do.
An example of that is Facebook, which pays you $500 for hacking it!
It used to be that companies would reach out to hackers and hire them to hunt for these vulnerabilities.
But companies like Bugcrowd are changing that.
And if you ever wanted to make money as a “White Hat” hacker, here is your chance.
Getting paid for hacking companies legally
Basically, it all comes down to this:
Be the first one to find a bug in a company’s platform/website, report it and get paid.
It really is as simple as that!
Companies like Bugcrowd – also known as Bug Bounty Platforms – are essentially the middleman between big corporations and legal hackers.
Major companies like Alibaba, AT&T, DIRECTV and others sign up with these platforms. They then explain what they want and the reward they are willing to award to hackers who can find vulnerabilities in their system.
You (the hacker), on the other hand, sign up, browse the list of available Bug Bounty programs and pursue the ones you find interesting.
If you manage to find a bug, you report it through the system, and if it turns out to be a real bug and you are the first to report it, you’ll get paid.
Example companies that reward hackers
Almost all major companies have some sort of bug bounty program where they pay hackers to find and report vulnerabilities in their system.
Here are a few examples of companies and the amount they pay for finding bugs in their program:
- Pinterest: $50 – $1,500 per Bug
- Dropbox: $216 – $4,913 per Bug
- Jet.com: $25 – $2,500 per Bug
- Western Union: $100 – $5,000 per Bug
- CARD.com: $50 – $500 per Bug
- Tesla: $10,000 per bug
Again, this is just a sample list. There are hundreds of companies, big and small, that run some sort of bug bounty program.
You can find more of them by signing up for the bug bounty platforms we listed below.
Bug Bounty platforms
As I mentioned earlier, most companies nowadays outsource their bug bounty programs to bug bounty platforms.
And as a hacker, joining these platforms is the best way to find companies that will pay you for hacking them or finding bugs and vulnerabilities in their system.
Here are some of the top bug bounty platforms that have some of the biggest companies in the world as their clients.
- Official site: https://bugcrowd.com
Bugcrowd is one of the original bug bounty platforms that has a community of over 22,000 white-hat hackers.
Their bug bounty program is huge.
They work with some of the biggest and most well-known companies around the world.
- Western Union
According to the company, they have paid out over $1,000,000 to researchers (it’s what they call the hackers) over the years.
Once your reported bug is accepted by the company, your payment is made the following Wednesday.
Bugcrowd currently supports payments via PayPal and Payoneer.
Where to apply
- To join the site visit https://bugcrowd.com/join-the-crowd
- Official site: https://www.synack.com/
Synack calls itself “the First Hacker-Powered Vulnerability Management Platform.”
Whether they were the first is up for debate and not really important for what we are trying to do – getting paid to hack companies legally!
The founders of the company actually worked for the NSA before starting Synack.
To become part of The Synack Red Team (SRT) (their slang for hackers) you have to fill out an online application and attach your resume.
Synack covers different industries and sectors including Government, Retail, and Financial Services.
Some of their major customers include:
- Department of Defense
- Internal Revenue Service
They have a very fast payout system that gets you paid within 24 hours or so.
Their single highest payout for finding and reporting a bug to date is $24,000.00.
Yes, that’s $24K!
They also offer prizes for what they call “top performances”.
Where to apply
- To apply, go to https://boards.greenhouse.io/synacksrt/jobs
- Official site: https://www.hackerone.com/
HackerOne is famous for having some of the highest paying bug bounty rewards.
So far, they have paid out more than $10 million in bug bounties to their community of white-hat hackers.
The best part about this company is that you don’t have to be a pro hacker with years of experience to join. They have an awesome community that welcomes newbies who are just getting started.
You can hack on the web, APIs, Internet of Things (IoT), Android/iOS and anything else worth protecting.
Some of the companies they work with include:
They even have the U.S. Dept Of Defense as one of their clients.
Their hackers have earned over $8,000,000 in bounties with the single biggest reward for one hack at $30,000.
You get paid within 2-7 days via PayPal.
Where to apply
- To apply, go to https://hackerone.com/users/sign_up
- Official site: https://cobalt.io
Cobalt is one of the newer platforms on this list.
And while they don’t have as many clients as the other big platforms, they do have decent bug bounties ranging from $100 to $1000.
Anyone can sign up for the program. But to become a Security Researcher (what they call the hackers), you have to be invited to the security program and undergo a strict vetting process to become part of the Cobalt Core.
Some of their clients include:
You can expect payment and feedback (from the companies you found and reported a bug to) within 30 days.
You are paid via PayPal or in Bitcoin.
Where to apply
- To sign up, go to https://app.cobalt.io/users/sign_up/tester
The bottom line
Whether you are a serious white-hat hacker or just an average technology/internet user, getting paid for hacking companies is as fun as it can get.
Bug bounty programs not only offer a great way to help the companies behind the products and services you use and enjoy every day, but also a way to earn some extra money while having fun trying to hack them legally.