Hyatt rolls out public bug bounty program on HackerOne

Friday 11 January 2019 10:22 CET | News

Hyatt Hotels Corporation has announced the release of their public bug bounty program on HackerOne.

As part of this program, researchers can search for vulnerabilities on,,, and the Hyatt Hotels Mobile Applications for Android and iOS. For vulnerabilities found under these assets, Hyatt will pay between USD 300 to USD 4,000 USD depending on the severity of the vulnerability.

Hyatts bug bounty program was originally launched as a private invite only program on HackerOne, which received 14 reports and paid out USD 5,600 in bounties. Based on the positive results with the program, Hyatt decided to open the program up to everyone, according to BleepingComputer.

In 2017 the the company’s cyber security team discovered signs of unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017. The incident affected payment card information such as cardholder name, card number, expiration date and internal verification code.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: security testing, Hyatt Hotels Corporation, public bug bounty, data breach
Countries: World