Security News > 2022 > February > ExpressVPN offering $100,000 to first person who hacks its servers
ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems.
Today, ExpressVPN announced that they are now offering a $100,000 bug bounty for critical vulnerabilities in their in-house technology, TrustedServer.
The first person to submit a valid vulnerability, granting unauthorized access or exposing customer data, will receive the US$100,000 bounty.
The bug bounty program is run through BugCrowd, which offers a safe harbor for researchers who attempt to breach ExpressVPN's servers as part of the program.
ExpressVPN follows a RAM-only approach for its servers and employs a periodic data wiping system that activates upon reboots.
The system has a build verification that prevents insider code tampering events and is patched every week with clean installations on every ExpressVPN server.