Twitter awarded bug bounty hunters $322,420 over two years

The highest amount anyone ever got was $12,040.

Updated ·1 min read

A total of 1,662 researchers earned some cash from Twitter's bug bounty program since it launched in May 2014. Twitter has revealed that it received 5,171 reports and that it paid out a total of $322,420 over two years' time. The smallest amount anyone ever got was $140, while the biggest was $12,040. Although bug hunting for Facebook sounds much more lucrative -- the social network spent a million dollars within the first two years of its own program and awarded some researchers over $100,000 each -- a single bug hunter for Twitter did make $54,000 in 2015.

Not to mention, the microblogging website has a standing offer of $15,000 for anyone who discovers a vulnerability that leaves it open to remote code executions. Twitter says it hasn't received any yet, but that's good news for the company. Besides talking about all the money that changed hands for the program, Twitter also revealed that only 20 percent of fixed bugs have been publicly disclosed. It says the company only discloses flaws "after they've been fixed, at the request of the researcher." If you're wondering what kind of vulnerabilities bounty hunters come across, Twitter lists some of the researchers' most notable finds in the same post.