Clubhouse, the audio-based social media platform, is set to test the strength of its applications as it has launched a bug bounty programme worth $3,000 on HackerOne.
The firm made this announcement in a blogpost stating: “While many bug bounty programs promise high rewards for catastrophic-level discoveries, our approach keeps the scope broad so we can address as many bugs as possible. To that end, if you can help us fix bugs that could cause harm to our community, you’ll be eligible to earn a bounty.”
The Clubhouse bug bounty program has six assets in scope, including web domains clubhouse.com and joinclubhouse.com, backend API clubhouseapi.com, the Clubhouse iOS and Android applications, and the production and corporate infrastructure of Clubhouse developer, Alpha Exploration.
The company is particularly keen on hardening its applications against security flaws leading to access control bypasses, escalation of permissions, and disclosure of sensitive user information.
Its two other priorities are to bolster its infrastructure and internal “administrative tooling”.
The app developer has already paid out more than $10,000 to ethical hackers within a few days of the program’s launch. Financial rewards for unearthing critical flaws are pegged at $3,000, while ‘high’ severity bugs will command bounties of $1,500. Bug hunters could get $500 and $100, respectively, for valid ‘medium’ and ‘low’ severity bugs.
“We’re excited to help support security for a platform like Clubhouse, which is already making waves through the conversations they’ve prompted within their current community,” said Michiel Prins, co-founder of HackerOne.
“Clubhouse’s public bug bounty program will offer their in-house security team continuous testing support from a diverse pool of talent through our global community of more than one million hackers.”
Launched in March 2020, Clubhouse enjoyed spectacular growth at the height of the coronavirus pandemic, with its cachet boosted by initially being invite-only and the likes of Tesla CEO Elon Musk and Meta CEO Mark Zuckerberg using the platform.
