• $300 – $30,000 per vulnerability
  • Up to $1,000,000 maximum reward

Program Update

Hello -

Thank you for all of your great work on the 1Password program.

This is not an easy web target (for instance, running scanners is unlikely to help you here, and standard XSS-type injections won't yield much either). That being said, 1Password is committed to helping you succeed on this program.

To this end, they've setup a researcher vault with additional, helpful information, that requires your opt-in to receive an invite.
You can opt-in by emailing julie@agilebits.com, provide your @bugcrowdninja email, and you'll be provisioned account access to the vault where 1Password provides supplemental information for testing against the application - including documentation on real issues that were recently found (so as to give direction towards where more issues may be present) and more.

Happy Hunting!
The Bugcrowd Researcher Operations Team