Security News > 2020 > February > Dropbox Paid Out Over $1 Million Through Bug Bounty Program
File hosting company Dropbox says it has awarded researchers over $1 million for vulnerabilities reported through its bug bounty program.
Dropbox launched its bug bounty program in 2014 and in April 2015 it announced a program on the HackerOne platform.
The bug bounty program currently covers the company's main websites, its Paper collaborative workspace service, and its desktop and mobile applications.
Rewards range between $216 and over $32,000, with the top amount offered for critical remote code execution vulnerabilities affecting Dropbox servers.
Dropbox has also shared a list of its favorite bug reports, which includes vulnerabilities that could have been exploited to access password-protected documents, gain access to a user's Paper documents, access internal Dropbox services via server-side request forgery, steal file content, and perform ImageTragick attacks.