Today Hyatt Hotels Corporation announced the release of its public bug bounty program on HackerOne. Through this program, researchers can be rewarded for reporting vulnerabilities in three Hyatt web sites and the company's mobile applications for Android and iOS.

Hyatt HackerOne Program

As part of this program, researchers can search for vulnerabilities on hyatt.com, www.hyatt.com, world.hyatt.com, and the Hyatt Hotels Mobile Applications for Android & iOS. For vulnerabilities found in these assets, Hyatt will pay between $300 and $4,000 USD, depending on the severity of the vulnerability.

Hyatt's bug bounty program was originally launched as a private, invite-only program on HackerOne, which received 14 reports and paid out $5,600 in bounties. Based on the positive results, Hyatt decided to open the program up to everyone.

"Hyatt Hotels Corporation (NYSE: H) today announced the launch of a public bug bounty program with HackerOne in which ethical hackers are invited to test Hyatt websites and mobile apps for potential vulnerabilities and securely disclose them to Hyatt," stated Hyatt's press release. "In working with HackerOne, Hyatt is able to tap into the vast expertise of the security research community to accelerate identifying and fixing potential vulnerabilities."

In an email to BleepingComputer, HackerOne told us that Hyatt is the first major hotel chain to launch a public bounty program. Sources familiar with other programs on HackerOne have told BleepingComputer that Marriott International also has a bug bounty program, but it is private and invite-only.
