Internet Vulnerabilities – Why a Platform Pays $ 10,000 to Ethical Hackers – eCommerce Magazine


Since January 2020, Lazada has successfully partnered with ethical hackers as part of a private bug bounty program. The company's aim is to find security gaps on the Internet and in its IT environment. Now the company is opening the program to the entire cybersecurity community.

With the start of this public bug bounty program, Lazada is setting an example for the e-commerce industry. In addition, it underlines the priority that security and transparency have for its customers and partners. Lazada is offering security researchers up to US$10,000 per bounty.

Vulnerabilities in the Internet: Top priority for protecting customer data

Founded in 2012, Lazada is headquartered in Singapore. It is one of the leading e-commerce platforms in Southeast Asia and was acquired by the Alibaba Group in 2016. The company, which operates in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam, offers not only LazMall, the largest virtual shopping center in the region with over 18,000 brands, but also solutions for logistics, retail and payment services.

Since starting its private bug bounty program, Lazada has collaborated with over a hundred ethical hackers, who are called security researchers at YesWeHack. Lazada has paid the security researchers over $150,000 in bounties for uncovering vulnerabilities in the form of security holes on the Internet. The measures also included a pre-launch event for the public program. Hackers from the YesWeHack community identified vulnerabilities within 48 hours.

“Given the importance of data and personal information, we attach great importance to protecting our customers. We have worked to address these vulnerabilities to ensure a secure shopping platform. In view of the constantly evolving data security and the aggressiveness of hackers who use technologies to steal data, we rely on the cooperation with the cybersecurity community, which is now larger in the public program. In this way, we want to strengthen our IT ecosystem,” says Alan Chan, Chief Risk Officer of the Lazada Group.

“Since working with YesWeHack, we’ve improved our security by expanding our secure software development process. This enabled us to prevent the same type of vulnerability from occurring again. It was very useful to be able to confirm with the help of a larger group of security researchers that our security monitoring can intercept the exploitation of vulnerabilities.”

Up to $10,000 reward for reporting critical Internet vulnerabilities

Lazada is now taking further steps to offer its customers transparency and security. For this purpose, it transfers the areas previously tested in the private program into a public program. This enables cybersecurity researchers from around the world to participate in the program and report vulnerabilities to the e-commerce platform.

In addition, Lazada pays special attention to vulnerabilities that affect personal data and have a severity of “high” or “critical”. Lazada will pay up to $10,000 to security researchers for submitted reports of critical vulnerabilities.

“With the launch of this new public bug bounty program, we are sending the clear message that we understand the importance of the data we hold. We believe in the expertise of the YesWeHack community. We also look forward to continuing to work with ethical hackers to identify and counter new attack vectors. It’s about protecting our data as well as our employees and protecting our customers from security gaps,” says Franck Vervial, Head of Cyberdefence at Lazada.

Lazada strengthens its security and advocates transparency

“YesWeHack is very excited to partner with Lazada and expand our market in Asia. This is how we ensure that the Lazada e-commerce platform and its customers are protected against increasingly sophisticated cyber threats,” says Kevin Gallerin, Managing Director APAC at YesWeHack. “The move to a public program follows more than 18 months of collaboration during which our global community of security researchers has demonstrated their effectiveness and broad range of skills. By addressing an even broader community, Lazada is strengthening its security and advocating transparency and data protection. In this way, Lazada can ultimately build and maintain the trust and experience of millions of users across APAC.”