It’s common for tech companies to have a bug bounty program. That allows them to tap into the incredible talents of whitehat hackers who disclose vulnerabilities in their systems in exchange for a reward. Hyatt Hotels isn’t a tech company; it’s a major hospitality chain. However, in light of the recent card-skimming attacks against its properties, the hotel chain has launched its own bug bounty program.
Hyatt is hosting the new initiative on the bug bounty platform HackerOne so that it can utilize the “vast expertise of the security research community to accelerate identifying and fixing potential vulnerabilities.”
“As one of the first global hospitality brands to launch this type of program, we extend the ways we care for our guests and deepen our commitment to protecting their sensitive information,” said Benjamin Vaughn, the hotel chain’s chief information security officer.
The HackerOne platform is used by many ethical hackers to find security flaws, vulnerabilities, security issues with servers, and more before hackers with bad intentions exploit them to cause harm.
Hyatt’s bug bounty program is public and covers the main hyatt.com domain, world.hyatt.com and m.hyatt.com, as well as the Hyatt apps for iOS and Android. A wide variety of issues will be eligible for rewards if they’re discovered. These include cross-site scripting bugs, back-end system access via front-end services, authentication bypass, and more.
Ethical hackers who report severe, valid vulnerabilities can receive rewards of up to $4,000. Other rewards will range from $1,200 to $300.