Reporting site bugs to Facebook can earn you at least $500. Report one to Google, and you’re guaranteed at least $100. Just don’t go crying to Yahoo because you’ll be lucky to get a half-used gift card to the Hard Rock Cafe. Actually, that’s on the generous side. Someone reported an error that exposed a site vulnerability and received $12.50…that’s only redeemable at the company store.
Security firm High Tech Bridge said it found three instances of phishing techniques that could compromise the security of a user’s account on Yahoo. So the firm reported the vulnerability to Marissa & Co. Two days later, they received a thank you note, with a store credit that’d barely cover lunch and can only be used on Yahoo-branded socks, hats and stuffed animals.
Needless to say, the firm’s CEO wasn’t pleased. Ilia Kolochenko blasted the company in a press release for its pathetic pittance:
Yahoo should probably revise their relations with security researchers. Paying several dollars per vulnerability is a bad joke and won’t motivate people to report security vulnerabilities to them, especially when such vulnerabilities can be easily sold on the black market for a much higher price.
Perhaps Yahoo ran out of money because they spent it all on a new logo. Or maybe they just hate you!