Wildberries launches public bug bounty program on Standoff 365

Brother

Starting from December 1, 2023, users of the Standoff 365 platform will have access to the Wildberries vulnerability search program for a fee. The research area includes all the company's resources, including services for buyers, sellers, couriers, as well as for employees of warehouses and order collection points. In addition to the classic bug bounty, the company launches a program with a special scenario: a bug hunter who gets full access to the personal account of a test seller will earn 500 thousand rubles. This was reported to CNews by representatives of Positive Technologies.

According to Positive Technologies, 74% of attacks on retail organizations in the first three quarters of 2023 resulted in the leakage of confidential information — primarily personal (49%) and accounting (16%) data. Most often, attackers resorted to the use of HPE (48%), exploiting vulnerabilities on the external perimeter (45%) and social engineering (29%). According to experts, leaks in online retail are characterized by a large amount of compromised data — and the problem will only get worse. Therefore, companies in this area should pay special attention to information security issues, identifying and verifying events that are unacceptable for business.

The launch of the public program will allow the largest digital retail platform to test the security of its services using 7700 bug hunters registered on the Standoff 365 Bug Bounty platform, with different experience and tools. In the open program, Wildberries has increased the amount of rewards, and researchers will be able to earn up to 250 thousand rubles for detected bugs. At the same time, for the implementation of particularly dangerous scenarios that consist of several stages (for example, for obtaining full access to the personal account of a test seller), the company is ready to pay ethical hackers 500 thousand rubles.

In 2023, Wildberries participated in private Standoff Hacks events, where bug hunters searched for vulnerabilities in closed programs, and paid rewards worth more than 4 million rubles. Specialists tested not only the organization's external perimeter and web services, but also smart locks that will soon be used at order collection points.
 