High-Value Targets (Prioritized Programs)¶
This list highlights programs with the highest recent bounty payouts, prioritized for focused research. Rankings are based on aggregated HackerOne hacktivity for the 6-month window 2025-03 to 2025-08.
Last updated: 2025-09-01
Top Programs (last 6 months)¶
| Rank | Program | Total Payout | Reports | Program Page |
|---|---|---|---|---|
| 1 | Uber | $20,340.00 | 24 | https://hackerone.com/uber |
| 2 | Eternal | $9,300.00 | 12 | https://hackerone.com/eternal |
| 3 | OKG | $7,500.00 | 6 | https://hackerone.com/okg |
| 4 | TikTok | $6,000.00 | 12 | https://hackerone.com/tiktok |
| 5 | Sheer | $900.00 | 6 | https://hackerone.com/sheer_bbp |
| 6 | GitLab | $600.00 | 12 | https://hackerone.com/gitlab |
| 7 | PayPal | $600.00 | 6 | https://hackerone.com/paypal |
| 8 | Ferrero | $0.00 | 30 | https://hackerone.com/ferrero |
| 9 | MediaTek | $0.00 | 24 | https://hackerone.com/mediatek |
| 10 | Zooplus | $0.00 | 18 | https://hackerone.com/zooplus |
Strategic High-Value Additions¶
| Program | Priority | Reason | Program Page |
|---|---|---|---|
| Coinbase | 🚨 CRITICAL | Major crypto exchange, $50K+ critical bounties, 519 subdomains discovered | https://hackerone.com/coinbase |
Historical Notes (recent activity)¶
- Uber: Consistent “BountyAwarded” activity during 2025-03..2025-08 with multiple awards per month.
- Eternal: Frequent awards in late August; steady reporter engagement.
- OKG: Notable award spikes mid-to-late August 2025.
- TikTok: Regular bounty activity; multiple awards in August 2025.
- Sheer: Lower absolute payouts but steady cadence of awards.
- GitLab: Smaller individual awards; consistent monthly activity.
- PayPal: Intermittent awards, including early September.
- Ferrero/MediaTek/Zooplus: High volume of resolved activity; limited public award amount exposure.
Next Steps¶
- Review each program page and policy for current scope and exclusions
- Start or update program documentation directories using the templates
- Track changes to scope over time (dated entries)