Private Internet Access

  • $75 – $1,250 per vulnerability
  • Safe harbor
  • No collaboration

Program stats

  • Vulnerabilities rewarded 29
  • Validation within 2 days 75% of submissions are accepted or rejected within 2 days
  • Average payout $230 within the last 3 months

Latest hall of famers

Recently joined this program

Private Internet Access operates thousands of VPN servers and makes cross-platform VPN applications for all major operating systems as well as routers and browser extensions.

Private Internet Access takes the security of its applications and services seriously. We have offered an in-house bug bounty program for years and have awarded thousands of dollars to security researchers. We value excellent engineering and are always looking for ways to improve the security of our products and services.

Ratings:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

We will review coordinated disclosures on a case by case basis. However, please note that we will automatically reject any findings that are marked as duplicates or not applicable. Please do not submit a disclosure request if your submission fits into these categories.

API keys and login information such as usernames and passwords may be submitted to the program and will initially be rated as a P5. We recommend you submit this information, and we'll review your submission and determine if it qualifies for an upgraded severity and reward.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.