One of the biggest messenger apps in the world invites hackers to proactively report security vulnerabilities to enhance cybersecurity
HackerOne announced the launch of LINE Corporation’s (“LINE”) public bug bounty program. Through the program, ethical hackers are invited to test LINE’s core messenger application and web domains for potential vulnerabilities and securely disclose them to LINE. In working with HackerOne, LINE is able to tap into the vast expertise of a global community of skilled hackers to identify and fix security vulnerabilities before they can be exploited.
Since July 2019, LINE has been running a private program on HackerOne in tandem with its self-managed bug bounty program. Over the course of the past four months, LINE has paid out nearly US$30,000 in monetary awards — better known as bounties — to hackers for their efforts and has seen increased engagement from hackers internationally. In going public today, the company will be transitioning its entire bug bounty ecosystem to the HackerOne platform. Since starting its ongoing bug bounty program in June 2016, the company has received more than 1,000 reports and have paid over US$300,000 in bounties through both self-run and HackerOne bug bounty initiatives.
“We are thrilled to be moving to the HackerOne platform as it allows us to increase our visibility and thereby increase the amount of high quality reports we receive as well,” said Naohisa Ichihara, Head of Cyber Security Department at LINE. “As being transparent about security issues is very important to us, we wanted a convenient way to disclose such information. Our original platform did not have an easy way of achieving this, so it was also a contributing factor in deciding to move to HackerOne.”
There are over 570,000 hackers registered on HackerOne. Participation in the LINE bug bounty program is open and encouraged to all hackers worldwide. Bounty awards range from US$500 to US$30,000 for eligible valid vulnerabilities. Assets in scope include the main LINE application (for iOS, Android, Chrome, MacOS and Windows) as well as the web domains https://store.line.me/, https://news.line.me/, https://music.line.me/, and https://live.line.me/.
“With 164 million global monthly average users across their top four countries, LINE knows it’s imperative to protect user information around the clock,” said Attley Ng, HackerOne’s VP, Asia Pacific (APAC). “By adding the largest community of ethical hackers in the world as an extension of their cybersecurity team, LINE enhances their global approach to security and improve the safety of their customers.”
APAC continues to be one of the fastest growing regions for hacker-powered security. According to HackerOne’s 2019 Hacker Powered Security Report, the number of hacker-powered security programs grew by 30% in the region year over year. This new program comes on the heels of a momentous year of growth in the region for HackerOne. The company opened its APAC headquarters in Singapore and has brought on notable customers including Ministry of Defence Singapore (MINDEF), GovTech Singapore, Xiaomi, Zomato, Toyota, Nintendo, Grab, and Alibaba. In addition, the region’s first ever live-hacking event (h1-65) was held in Singapore, with Dropbox awarding over $300,000 in bug bounties to participating hackers.