As part of this program, researchers can search for vulnerabilities on hyatt.com, www.hyatt.com, world.hyatt.com, and the Hyatt Hotels Mobile Applications for Android and iOS. For vulnerabilities found under these assets, Hyatt will pay between USD 300 to USD 4,000 USD depending on the severity of the vulnerability.
Hyatts bug bounty program was originally launched as a private invite only program on HackerOne, which received 14 reports and paid out USD 5,600 in bounties. Based on the positive results with the program, Hyatt decided to open the program up to everyone, according to BleepingComputer.
In 2017 the the company’s cyber security team discovered signs of unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017. The incident affected payment card information such as cardholder name, card number, expiration date and internal verification code.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now