Southeast Asia eCommerce platform Lazada launches public bug bounty program with YesWeHack

SINGAPORE – Media OutReach – 10 June 2021 – Southeast Asia’s leading eCommerce platform Lazada announces the launch of a public bug bounty program with YesWeHack, after running a successful 18 month-long private program. Since January 2020, Lazada has worked with over one hundred ethical hackers to surface vulnerabilities, and has awarded over US$150,000 in bounties to security researchers as part of a private bug bounty program.

Southeast Asia eCommerce platform Lazada launches public bug bounty program with YesWeHack (Copyright YesWeHack)

Kevin Gallerin, Managing Director APAC at YesWeHack (Copyright YesWeHack)

Lazada is now taking additional steps in providing transparency and security to its customers, by transferring the areas previously tested in the private program to a public program. This allows cybersecurity researchers from all over the world to participate in the program and report vulnerabilities to the eCommerce platform.

Protecting customer data is a top priority

With the launch of this public Bug Bounty program, Lazada is making a statement to the eCommerce industry, and highlighting the priority it places on security and transparency for its customers and partners.

“By launching this latest public bug bounty program, we are sending a clear message to everyone, that we value the importance of data in our possession. We believe in the expertise of the YesWeHack community and are excited to continue to work with ethical hackers in identifying new attack methods and countering them. This is about protecting our data, protecting our employees and protecting our customers against vulnerabilities,” says Franck Vervial, Head of Cyberdefence at Lazada.

Furthermore, special attention will be paid to vulnerabilities that affect personal data and have severity levels of “high” or “critical.” For submitted reports on critical vulnerabilities, Lazada will pay out up to US$10,000 to security researchers.

More information of the public bounty program can be found here.

#YesWeHack