ExpressVPN is offering a one-time, $100,000 reward to anyone who can hack its servers.
ExpressVPN is one of the leading VPN services on the market, and is consistently recommended by many reviewers. Like a lot of companies in the tech industry, ExpressVPN offers bug bounties as a way of encouraging white hat hackers and security researchers to find bugs and report them, before they can be exploited by bad actors.
The company is now offering a major incentive, in the form of $100,000, specifically for proof of “unauthorized access to a VPN server or remote code execution,” or vulnerabilities “that result in leaking the real IP addresses of clients or the ability to monitor user traffic.”
Obviously, the company will require proof of the exploit, in order to pay the bounty.
In order to qualify to claim this bounty, we will require proof of impact to our user’s privacy. This will require demonstration of unauthorized access, remote code execution, IP address leakage, or the ability to monitor unencrypted (non-VPN encrypted) user traffic.
It’s a safe bet security researchers will be eager to take a shot at ExpressVPN’s services, with that much money at stake.