E-commerce platform Lazada has announced the launch of a public bug bounty program with YesWeHack to identify vulnerabilities, after running an 18-month-long private program.
Since January 2020, Lazada has been working with ethical hackers to detect security vulnerabilities in its IT environment as part of a private bug bounty program, and is now opening the program to the entire cybersecurity community.
With the launch of this public bug bounty program, Lazada is making a statement to the e-commerce industry, and highlighting the priority it places on security and transparency for its customers and partners, by offering security researchers up to $10,000 per bounty.
Founded in 2012 and headquartered in Singapore, Lazada is one of the leading e-commerce platforms in Southeast Asia and was acquired by Alibaba Group in 2016.
The company, which has operations in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam, also offers logistics, retail technology and payment services solutions, in addition to LazMall, the region’s largest virtual mall with over 18,000 brands.
Since the launch of its private bug bounty program, Lazada has worked with over one hundred ethical hackers to surface vulnerabilities, and has awarded over $150,000 in bounties to security researchers.
This includes a pre-launch event for the public program, in which hackers from the YesWeHack community identified vulnerabilities in 48 hours.
“With the evolving nature of data security, as well as the aggressive nature of hackers who exploit technology to steal data, we believe in working with the larger cybersecurity community to strengthen our IT ecosystems,” says Alan Chan, Chief Risk Officer of Lazada Group.
YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting more than 25,000 cybersecurity experts (ethical hackers) across 170 countries with organizations to secure their exposed scopes and report vulnerabilities in their websites, mobile apps, infrastructure and connected devices.