Indeed

  • Points – $10,000 per vulnerability
  • Partial safe harbor
  • Managed by Bugcrowd

Program stats

1354 vulnerabilities rewarded

Validation within 1 day
75% of submissions are accepted or rejected within 1 day

$604.54 average payout (last 3 months)

Recently joined this program

Since 2004, Indeed has given job seekers free access to millions of jobs from thousands of company websites and job boards. As the leading pay-for-performance recruitment advertising network, Indeed drives millions of targeted applicants to jobs in every field and is the most cost-effective source of candidates for thousands of companies. We take our security very seriously and welcome any responsible disclosure of potential gaps in our systems. Please read through the following details to help you focus on the areas most important to us.


Program Ground Rules

  • Respect our users' privacy.
  • Leave the Site as you found it.
  • Don't violate our Terms of Service or the law.
  • Don't access the data of others.
  • Don't impact our services.
  • No interacting with others.
  • Cooperate with Indeed.
  • Follow Bugcrowd's rules.

Respect our users’ privacy.

If during your research you happen to encounter any information about another user or other individual, immediately stop and report this to Indeed. To participate in this program, you only need to explain the technical vulnerability you discovered.

Leave the Site as you found it.

Do not copy, save, store, transfer, disclose, or otherwise retain any information you find on our Site during your research, except to report your research to Indeed.

Don't violate our Terms of Service or the law.

All access to our Site must otherwise be in accordance with our Terms of Service and all applicable laws.

Research should be performed only through the job seeker, advertiser, and/or publisher account that you create on Indeed. Indeed regularly purges accounts that perform suspicious activities on our web properties; to avoid this, please use accounts with “+bugbounty” in the username for example: username+bugbounty@bugcrowdninja.com

Don't access the data of others.

You must avoid any viewing, copying, altering, destroying, or otherwise interacting with any data, in particular data of other individuals, to which you may gain access through this research. If you happen to interact in any way with another individual's data, you must report this to us immediately.

Don't impact our services.

You must avoid causing any interruption or degradation of our services. Researchers who are found to be using aggressive automated tools will be blocked and removed from the program.

No interacting with others.

Any form of interaction with others on or through our Site, including but not limited to other Indeed users, is strictly prohibited.

Cooperate with Indeed.

You will be expected to cooperate with us if we request your assistance in connection with your research.

Follow Bugcrowd’s rules.

This program follows Bugcrowd’s standard disclosure terms.


Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.