Opera Public Bug Bounty

Opera is a leading global internet brand with a large, engaged and growing base of over 380 million average monthly active users.

  • $50 – $5,000 per vulnerability
  • Up to $10,000 maximum reward
  • Safe harbor
Submit report

Opera Bug Bounty Newsletter - April 2022

Opera Bug Bounty Newsletter - April 2022

I. New scope in the program

We are pleased to announce that Loomi.tv has just been added to the scope of the Opera public bug bounty program. It is a VOD service with some free content. You need an Opera Auth account to be able to log in.

Please note that the service is relatively new and for now the streaming service is currently geo-limited to Poland (at least for the paid material, due to legal reasons).

We are mostly interested in hacks allowing us to rent a movie without paying for it. However, we will consider all meaningful submissions.

II. NodeBB zero day write-up

We received a bug bounty submission from researcher Mar0uane, about a vulnerability in one of the forums we maintain, relating to an account-takeover vulnerability affecting the software’s single-sign-on module. Write-up of this story is published on Opera’s security blog:
https://blogs.opera.com/security/2022/03/bug-bounty-adventures-a-nodebb-0-day/

Regards,
Opera Security Team

TheOperaSinger
TheOperaSinger