Mail.ru Group pays over $2 mln to researchers for security tests of its services

Mail.ru Group paid another reward within the framework of the vulnerability search program with international platform HackerOne: the researcher received $40,000. The total amount that the company paid in bounties under the program exceeded $2 million.

Mail.ru Group's vulnerability search program has been operating on the HackerOne platform for cybersecurity experts since 2014. It helps researchers find security flaws and fix them before attackers find them. The large-scale program covers almost all projects of the VK ecosystem (developed by Mail.ru Group), allowing to fortify their security.

The reward for a discovered vulnerability depends on its severity. Bounties range from $150 to $40,000, and the most expensive vulnerability reported in the program is estimated at $55,000 – one of the highest rates on the market.

Mail.ru Group pays out rewards to researchers every week. Since launch, around 5,000 reports have been received from over 3,400 security researchers in total.

“The vulnerability search program is an important security tool that we actively use. This is similar to regularly undergoing medical examinations: the more often you go to experienced doctors, the higher the chances to catch all and any possible health problems at an early stage, avoiding a crisis. The best experts from all over the world are working with us. They help us detect the smallest security threats and receive a well-deserved reward for it – not only money but also recognition from the community. We work as quickly as possible to eliminate all discovered vulnerabilities, which allows us to maintain a high level of security for our products. This is the global standard,” Alexey Grishin, Head of the Vulnerability search program, Mail.ru Group, commented.

HackerOne is a popular platform among security experts that allows researchers around the world to report vulnerabilities to companies and get rewarded for doing so. Organizations such as PayPal, Twitter, Goldman Sachs, the Pentagon, and hundreds of others are participating in the program.

Mail.ru Group develops the VK ecosystem helping millions of people with their day-to-day needs online. More than 90% of the Russian internet audience use it every day. 

The ecosystem enables people to keep in touch (using social networks OK and VK, messaging apps and email service), play video games (via MY.GAMES), get and offer items and services, browse jobs and hire talent (via Youla and VK Jobs), order food and grocery delivery (via Delivery Club, Samokat and Local Kitchen), get a ride (with Citymobil and Citydrive), master new skills (at GeekBrains, Skillbox and other educational services), buy and sell at Aliexpress Russia and fulfill other needs.

The VK ecosystem features a number of shared elements bringing the services together. Users can sign in to different services with a single VK Connect account, pay and earn cash back with the VK Pay platform, get discounts and deals with VK Combo, access their favorite services via the VK Mini Apps platform — and the Marusya voice assistant can help with any task.

The company offers enterprises to employ its dynamic ecosystem to digitize their business processes, providing a range of solutions from online promotion and predictive analytics to corporate social networks, cloud services and enterprise automation.