Microsoft offers $100,000 to anyone who detects flaws in services
Posted: Wed Apr 23, 2025 5:09 am
Microsoft announced this week that it is offering rewards to anyone who finds bugs in its products .
The company is offering rewards of up to $100,000 to anyone who finds a security vulnerability in its identity services .
According to The Hack News , payouts for poland mobile database new Microsoft Identity Bounty Program range from $1,500 to $ 100,000 , depending on the type of exploit, its impact on the system, and the quality of the report submitted. The new bounty program involves Microsoft's account identity solutions and Azure Active Directory , as well as some implementations of the OpenID specification .
Microsoft has outlined the criteria that security researchers and hackers must meet in order to be eligible for the payment. Here are the criteria :
Identify a unique, previously unreported, critical or important vulnerability that reproduces in our Microsoft Identity services listed in scope;
Identify a unique, previously unreported vulnerability that results in the takeover of a Microsoft Account or an Azure Active Directory account ;
Identify a unique and previously unreported vulnerability in the listed OpenID standards or with the protocol implemented in our certified products , services or libraries;
Submit bugs about any version of the Microsoft Authenticator app , but bounties will only be paid if the bug is related to the latest publicly available version;
Include a concise problem description and reproducibility steps that are easily understood;
Include the impact of vulnerability;
The company is offering rewards of up to $100,000 to anyone who finds a security vulnerability in its identity services .
According to The Hack News , payouts for poland mobile database new Microsoft Identity Bounty Program range from $1,500 to $ 100,000 , depending on the type of exploit, its impact on the system, and the quality of the report submitted. The new bounty program involves Microsoft's account identity solutions and Azure Active Directory , as well as some implementations of the OpenID specification .
Microsoft has outlined the criteria that security researchers and hackers must meet in order to be eligible for the payment. Here are the criteria :
Identify a unique, previously unreported, critical or important vulnerability that reproduces in our Microsoft Identity services listed in scope;
Identify a unique, previously unreported vulnerability that results in the takeover of a Microsoft Account or an Azure Active Directory account ;
Identify a unique and previously unreported vulnerability in the listed OpenID standards or with the protocol implemented in our certified products , services or libraries;
Submit bugs about any version of the Microsoft Authenticator app , but bounties will only be paid if the bug is related to the latest publicly available version;
Include a concise problem description and reproducibility steps that are easily understood;
Include the impact of vulnerability;