Private Internet Access’ Bug Bounty for VPN Vulnerabilities

Private Internet Access’ main mission has always been to create a safe internet where you can browse, stream, game, download, and do anything in between without privacy concerns. We’ve worked tirelessly to expand our services and improve VPN features while maintaining a high level of transparency. 

We stand by our product and do everything we can to prove it to you. Last year, Deloitte inspected PIA’s server network as part of an independent audit – for the second time.  For us, it’s just the beginning.

Our vulnerability disclosure program has played a key role in helping us strengthen PIA and maintain the high standards our users expect from a top-tier VPN. We love seeing you get involved and appreciate every bit of feedback we receive. That’s why we’ve opened our bug bounty program to the public. 

The program allows white-hat hackers, researchers, and bounty hunters to submit vulnerability reports. PIA bug bounties are paid out in tiers depending on severity, with the highest tier being rewarded with $1250.

We’re excited to see what you come up with and look forward to working with you.

What Is PIA’s Bug Bounty Program?

A bug bounty program is a reward system available to anyone who finds and reports security vulnerabilities within our system. It allows cybersecurity researchers and enthusiasts to test our apps and network for possible entry points cybercriminals might be able to exploit.  

If you have a valid exploit, you can use our designated platform, YesWeHack, to report the vulnerability. This report is first sent to YesWeHack’s security team for validation and approval. Then, our security tribe receives it for review. In exchange for this information, you receive a financial incentive.

Despite popular belief, companies don’t use bug bounties because their infrastructure lacks security – quite the opposite. Only businesses with the highest levels of cybersecurity open themselves to the public and look for additional verification from external experts.

How Bug Bounties Benefit Private Internet Access (And You)

PIA’s bug bounty is a win-win. It has multiple benefits for everyone involved:

• It helps us identify and patch up more potential vulnerabilities in less time.
• It allows more people to test our open-source code, which means weak points have fewer chances of sneaking through checks.
• It’s a chance for talented ethical hackers and researchers to showcase their skills, and for us to get external feedback on our security stack.
• It offers financial rewards of up to $1250 per valid bounty report.

How to Get the Bug Bounty Awards

To cash in a bug bounty award, you need to find and submit a security issue that falls into one of the following categories:

1. Unlicensed access to our VPN servers
2. Remote Code Execution (RCE)
3. VPN server vulnerabilities allowing third-party monitoring or leaking user data

Only the first person who submits a certain valid vulnerability receives a monetary reward.