Private Internet Access offers a bug bounty program to make our products safer and to reward whitehat security researchers for alerting us to potentially problematic bugs in our software.
While PIA VPN is thoroughly vetted for any bugs and vulnerabilities, there are extremely rare instances where things slip through the cracks.
Because our software is open-source and publicly available in order to provide transparency for our users, anyone may inspect it and potentially discover a bug. If you do, we implore you to alert us. Please follow “whitehat” practices and responsibly disclose your discovery to PIA. We prioritize the investigation of reports and harden our systems if the discovery is legitimate.
We offer an anonymous monetary prize, of an amount set at our absolute discretion and paid in Bitcoin to an address of your choosing, to reward your fair disclosure of security vulnerabilities or bugs in PIA software. If you would like to receive direct or pseudonymous recognition for your efforts, we may be able to arrange to interview you for our blog.
Examples of potential rewards include thousands of US dollars for confirmed, unique vulnerabilities like shell access or SQL access.
Each report will be examined on a case-by-case basis for legitimacy and severity. Note that at this time, forum software vulnerabilities are not eligible for this program; we encourage you to report them directly to the Vanilla Forums developers.
In addition, if you provide us time to respond to your discovery and do not damage our systems, we will not pursue any criminal charges.
Please email [email protected] to report any discoveries.