Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Verizon, PayPal, Uber Paid Out Most Through Bug Bounty Programs on HackerOne

HackerOne on Monday released a list of the companies that have paid out the most money through their bug bounty programs.

HackerOne on Monday released a list of the companies that have paid out the most money through their bug bounty programs.

The top 10 bug bounty programs on HackerOne are run by Verizon Media, PayPal, Uber, Intel, Twitter, GitLab,, GitHub, Valve and Airbnb. This is based on how much they paid out since the launch of their program until April 2020, excluding awards from live hacking events.

According to HackerOne, Verizon has paid out more than $9.4 million since the launch of its program in February 2014, with a top bounty of $70,000 and an average first response time of 8 hours. It’s worth noting that Verizon was also at the top of the list last year, but by April 2019 it had only awarded roughly $1.8 million.

PayPal, which last year occupied the third position, was second this year, with a total of nearly $2.8 million paid out between August 2018 and April 2020. The payments giant had an average first response time of 4 hours and its highest bounty was $30,000.

Uber dropped from second to third place, with over $2.4 million paid out since December 2014 and a top bounty of $50,000. Next in line is Intel, with nearly $1.9 million paid out since March 2017.

Twitter was in fifth place with nearly $1.3 million awarded since May 2014. The social media giant had an average response time of 12 hours and its average time to bounty was 8 days, with a maximum bounty of just over $20,000.

GitLab paid out a total of $1.2 million, followed by with $1.1 million. Both companies launched their programs in 2014 and both awarded a top bounty of $20,000, but GitLab has the best response time in the top 10, at one hour.

GitHub, Valve and Airbnb were all getting close to $1 million total bounties paid out by April 2020.

“These 10 organizations are helping to spell out the truth: hackers still have all the advantage today,” said Alex Rice, CTO and co-founder of HackerOne. “With software development cycles becoming increasingly continuous, security teams are left playing catch up. To accommodate this fast-paced method, companies are in desperate need of a security strategy that will grow and adapt at the pace of innovation. These organizations are meeting criminals on the battlefield with hackers devoted to doing good, finding vulnerabilities in real time before they can be exploited.”

HackerOne reported recently that bug bounty hunters earned more than $100 million through its bug bounty platform since October 2013.

Related: Tencent Partners With HackerOne for Bug Bounty Program

Related: Sony Launches PlayStation Bug Bounty Program on HackerOne

Related: Hacker Earns $8,500 for Vulnerability in HackerOne Platform

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

CISO Conversations

SecurityWeek speaks with two leading CISOs in the aviation industry – Mitch Cyrus of Honda Aircraft, and Mark Ferguson of Bombardier.