Hyatt Launches Public Bug Bounty Program with HackerOne

Hyatt Hotels Corporation announced the launch of a public bug bounty program with HackerOne in which ethical hackers are invited to test Hyatt websites and mobile apps for potential vulnerabilities and securely disclose them to Hyatt. In working with HackerOne, Hyatt is able tap into the vast expertise of the security research community to accelerate identifying and fixing potential vulnerabilities.

“At Hyatt, protecting guest and customer information is our top priority and launching this program represents an important step that furthers our goal of keeping our guests safe every day,” said Hyatt Chief Information Security Officer Benjamin Vaughn. “As one of the first global hospitality brands to launch this type of program, we extend the ways we care for our guests and deepen our commitment to protecting their sensitive information.”

Through the bug bounty program, security researchers will be able to earn cash rewards, also known as bounties, if they report valid security flaws on Hyatt.com, m.hyatt.com, world.hyatt.com, and the iOS and Android versions of the Hyatt mobile app so they can be safely resolved. All ethical hackers that have agreed to HackerOne’s terms and conditions, and adhere to disclosure guidelines are eligible to participate in this program.

“Bug bounty programs are a proven method for advancing an organization’s cyber security defenses, trusted by leading enterprises across industries,” said HackerOne CEO Marten Mickos. “In today’s connected society, vulnerabilities will always be present. Organizations like Hyatt are leading the way by taking this essential step to secure the data they are trusted to hold.”