The Hacker News Logo
Subscribe to Newsletter

First week at MEGA Bounty Program, paid out thousands of dollars for seven Bugs

One week after launching a Bug bounty program by the Kim Dotcom's new file-storage and sharing service MEGA claims to have fixed seven vulnerabilities. Although Mega hasn't shared how much money and to whom it paid out in the first week. But as promised, it is clear that MEGA paid out thousands of dollars in bug bounties during the first week of its security program.

We found bug hunter yesterday (tweeted)- Mr. Frans Rosén received 1000 Euros in the bug fixing challenge. This tweet was also Re-tweeted by Kim Dotcom later, that confirmed Frans's class III bugs reward.

In a blog post, Mega explained how it classifies vulnerabilities and their impacts. Vulnerabilities were classified into VI classes, with I being the lowest risk and VI being the highest.

Seven qualified bug details are as shown below:
But the previous challenge to brute force the password from the confirmation link sent at sign up, or decrypt one of its hosted files, has remained unbroken. 

"We believe that it would be premature to draw any conclusions at this time barely three weeks after our launch and one week into the program. It is clear that the vulnerabilities identified so far could all be found by checking only a few lines of code at a time; none of them required any analysis at a higher level of abstraction." Mega Blog post said.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.