Streaming, and Spotify for that matter, couldn't have been made possible without the accessibility and connectivity of the Internet. Unfortunately, with that openness and interconnectedness, came malicious attackers who look to exploit weaknesses in web sites and applications.
At Spotify, we're committed to protecting our information, as well as yours. So two years ago we began using the HackerOne platform for our bug bounty program. Now, we're looking back on successes and learnings that will continue to help improve the program at Spotify.
Want to learn more? We've broken it down into six frequently asked questions.
1. First off, what is a bug bounty program? There are ethical and responsible security researchers who discover weaknesses via the same tactics and tools used by hackers. They report these weaknesses to site owners, so that they can be fixed before others can use them for malicious purposes. Bug bounty programs exist to make it easier for security researchers to report these weaknesses to site owners. As a token of gratitude, the site owners often reward money or swag to the researchers for their efforts.
2. When and why did Spotify start a bug bounty program? Our Security team launched its bug bounty program in 2015, when we were a very small team that occasionally received vulnerability reports from researchers responsibly disclosing bugs. Although we didn't receive a huge number of reports, it was clear that managing them by hand, primarily through email, would prove difficult. During that time, we had been rewarding reports with any swag we happened to have on hand, or giving them credit on our wall of fame at https://www.spotify.com/bounty/. However, because this work and reporting was so crucial, we wanted to start giving cash for bug submissions.
In May 2017, we moved our bug bounty program onto HackerOne, a leading cybersecurity bug bounty platform, to take advantage of their platform and managed services. We now accept bug bounty reports at https://hackerone.com/spotify. From there, the HackerOne team reviews the report for validity and severity, then loops in our Spotify Security team. Then, we're able to work together to find a resolution and reward the security researcher who found the bug in the first place.
3. What are some of the benefits of using HackerOne? Since we started using the HackerOne platform and managed services, we've received over 365 valid and actionable reports and rewarded over $120,000 to security researchers for their efforts.
4. What sort of problems have been reported? We receive the largest amount of reports on our most visible websites, www.spotify.com and community.spotify.com, but also receive reports on our mobile applications, desktop applications, and other apps and software.
One other area where we face challenges is with partner development. The reports we get here are for sites that Spotify has contracted to have built, or companies that Spotify has acquired that didn't have the benefit of being developed with the same security protocols in place.
5. Why is finding these vulnerabilities such a big deal? If the vulnerabilities mentioned above were to be discovered by a malicious actor, our websites or apps could be attacked, thus harming the brand and reputation of Spotify. Or, the credentials could be used for lateral movement or in a phishing attack. None of this is good for us or our users.
6. So what's the next step for security at Spotify? As mentioned, a lot of reports come regarding sites developed by our partner developers. So to help them, we're developing something we call the Global Preferred Production Partner Program. It's a security-focused set of standards and runtime environments for Partner Developers outside of Spotify. It also includes a set of expectations for vendors that help us ensure we can rapidly and effectively respond and correct vulnerabilities that are reported to us through the bug bounty program.
So far, working with HackerOne has raised security awareness within our engineering organization, exposed weaknesses in our security posture, and helped us better understand our attack surface. Even if you have no experience in bug hunting, check out our program page at https://hackerone.com/spotify. We think there are always opportunities to make our security stronger.
Europe Stories
11/12/2025
Dalet, a leading provider of cloud-native, end-to-end media workflow solutions, ...
28/11/2025
It's easy to ignore those little red update available badges. But when it ...
28/11/2025
Friday 28 November 2025
Sky Sports x Slawn drop limited-edition football jersey...
28/11/2025
Rohde & Schwarz shows resilience in a challenging environment, revenue exceeds t...
28/11/2025
Unwrapped: The Toy Show Appeal - airing this Sunday on RT One and RT Player- s...
27/11/2025
27 Nov 2025
GSMA brings M360 Eurasia 2026 to Samarkand in partnership with VEON...
27/11/2025
Tahar Rahim and Izuka Hoyle star in the gripping six-part Sky Original from Acad...
27/11/2025
Thursday 27 November 2025
Sky Arts Reveals the Nation's Greatest Basslines - and Queen Reign Supreme
The UK's most iconic basslines have been revealed...
27/11/2025
Rating reflects rating progress across areas including policies, diversity & inclusion, health & safety and Net Zero leadership
Winchester, UK, 27 November 202...
27/11/2025
What are the industry standards for Retail Media? Kathryn explains that certification is based on the IAB Europe Retail Media Measurement Standards and the IAB ...
27/11/2025
World champion boxer and Irish sporting icon Katie Taylor will be in studio this...
27/11/2025
Roblox, one of the world's most popular online gaming platforms for primary ...
26/11/2025
Book podcasts are booming. On Spotify, you'll find everything from celebrity book clubs to deep dives with bestselling authors. And in markets where audiobo...
26/11/2025
YouView Achieves Greenly Gold Certification for SustainabilityNov 26, 2025
YouView is proud to announce a Gold Certification award from Greenly for our perform...
25/11/2025
Tracy Bonareri Onchoke, an investigative journalist from Kenya is the winner of the Thomson Foundation's Young Journalist Award 2025.
The 26-year-old-sele...
25/11/2025
The best playlists, podcasts, and audiobooks bring a little extra magic to your daily routine. With new features and offerings, Spotify Premium delivers even mo...
25/11/2025
Comprehensive new research confirms what we already knew: Australian music fans love the quality, quantity, and access they have to new and local music on strea...
25/11/2025
Applicable Products
Objectives The purpose of this application note is to give a brief background on 5G (NR) wireless communication an explain the reason a SN...
25/11/2025
25. November 2025 Cecilia Pierron
Last week, we took part in OnDAM 2025, an educational conference fully dedicated to DAM, hosted by Activo Consulting. The ...
25/11/2025
25 Nov 2025
VEON's QazCode and MeetKai Sign Agreement to Power National LLM...
25/11/2025
UKTV has acquired a high-profile slate of US dramas from Paramount Global Conten...
25/11/2025
A symphony of genius, rivalry and vengeance, boldly reimagined from Peter Shaffe...
25/11/2025
Article courtesy of Cinematography World
Read the article
FilmLight has finalised the prestigious 2025 FilmLight Colour Awards jury and welcomed award-winning...
25/11/2025
Article courtesy of Prensario
Read the article
La serie fue dirigida por Juli n de Tavira, Rodrigo Santos, y David Leche Ruiz, con direcci n de fotograf a a...
25/11/2025
Article courtesy of The Hollywood Reporter
Read the article
The awards, celebr...
25/11/2025
Article courtesy of Televisual
Read the article
Already live in Los Angeles and rolling out in New York and London, Nara gives producers, colourists, conform ...
25/11/2025
Article courtesy of Digital Media World
Read the article
ARTONE post-house in Tokyo is the first facility in Japan to integrate Baselight M, choosing its prec...
25/11/2025
Article courtesy of The Hollywood Reporter
Read the article
Once hidden in post-production suites, the artists who make movies and TV shows look the way they ...
25/11/2025
Article courtesy of Deadline
Read the article
The Brutalist' & Bad Bunny's Nuevayol' Music Video Among 2025 FilmLight Colour Award Winners - Cam...
24/11/2025
Robyn made her long-awaited return to the stage this week, as Spotify and Acne Studios brought friends and top fans together for an unforgettable evening at the...
24/11/2025
After more than two years of redevelopment, FC Barcelona returned to its spiritual home on November 22, hosting Athletic Club in the first La Liga match at the ...
24/11/2025
24 Nov 2025
Kyivstar Launches Starlink Direct to Cell Satellite Connectivity in Ukraine Today's Launch Makes Ukraine the First Country in Europe Where Star...
24/11/2025
Ahead of the new ninth series of Dancing with the Stars, kicking off in January 2026, RT and Shinawil have announced the arrival of three new faces to the hit ...
21/11/2025
Fans have been counting down the days until the final theatrical chapter of Wicked is revealed. To celebrate the highly anticipated release of Wicked: For Good ...
21/11/2025
Last week, Spotify turned up the volume in Seoul with the return of Spotify Hous...
21/11/2025
Wiesbaden, November 21, 2025. The SGL Carbon site in Meitingen has reason to celebrate as one of its trainees received a special award. Elias Stemmer was honore...
21/11/2025
Sky Media's £2m award-winning sustainability initiative crowns its first charity as this year's standout changemakerFriday 21 November 2025
GoodGym nam...
21/11/2025
As COP30 draws to a close, the International Electrotechnical Commission (IEC), ...
20/11/2025
Your playlists are personal. They're the soundtracks to your road trips, your quiet mornings, and your biggest celebrations; collections of memories and dis...
20/11/2025
Spotify, uzun s redir zerine al t T rk m zik k lt r n n ikon haline gelmi ...
20/11/2025
For the first time, Spotify has teamed up with The Hollywood Reporter to cohost ...
20/11/2025
This year's ARIA Awards marked a turning point for Australian music, and Spotify was right at the heart of it. For the first time in the awards' nearly ...
20/11/2025
15 March 2012
SHARE Facebook Twitter Linkedin Email
Cinegy and Vericom are pleased to announce the recent deployment of Cinegy Archive for production and as...
20/11/2025
6 September 2012
SHARE Facebook Twitter Linkedin Email
FIC Turkey supplies media content to Pay TV under Fox TV Channel brands in Turkey.
At the start of s...
20/11/2025
25 June 2014
SHARE Facebook Twitter Linkedin Email
Last month VIVA finalized its Cinegy installation in order to produce and broadcast the World Cup Brazil ...
20/11/2025
1 October 2014
SHARE Facebook Twitter Linkedin Email
With 5 locations spread out around Baden-W rttemberg, Schw bisch Media required a scalable end to end s...
20/11/2025
27 April 2015
SHARE Facebook Twitter Linkedin Email
Cinegy, which develops and produces media asset management products that are used in flagship production...
20/11/2025
12 August 2015
SHARE Facebook Twitter Linkedin Email
Munich, Germany, 26 October 2015 - Cinegy, which develops and produces software technology for digital ...
20/11/2025
5 November 2015
SHARE Facebook Twitter Linkedin Email
Munich, Germany 3 November 2015 - Cinegy, which develops and produces software technology for digital ...
Streaming, and Spotify for that matter, couldn't have been made possible without the accessibility and connectivity of the Internet. Unfortunately, with that openness and interconnectedness, came malicious attackers who look to exploit weaknesses in web sites and applications.
