• Points – $100,001 per vulnerability
  • Safe harbor

Program stats

  • Vulnerabilities rewarded 806
  • Validation within 4 days 75% of submissions are accepted or rejected within 4 days
  • Average payout $7,894.44 within the last 3 months

Latest hall of famers

Recently joined this program

T-Mobile is committed to protecting our customers, our employees, our partners, and our brand. As part of this commitment, T-Mobile USA, Inc. (“T-Mobile”) looks forward to working with the security community to keep our customers and business safe.

If you have identified a security vulnerability in a T-Mobile property, application, or system, we encourage you to report it. We’ll evaluate the reported vulnerability and promptly take appropriate action.

The scope of this program is limited to T-Mobile. Please note that we do not own (and therefore cannot remediate findings on) non-T-Mobile assets, including those associated with Deutsche Telekom.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.