Whatbox Logo

Security Rewards

We provide financial rewards to independent security researchers who find exploits in our systems. You must have a valid PayPal account to receive cash rewards.

There are three ways to contact us and get your report escalated to a developer: IRC, a support ticket or security@whatbox.ca.

Before you begin

  1. You should make a good faith effort to not leak or destroy data. *
  2. You should not make your exploit public knowledge until it has been resolved.
  3. You should be able to demonstrate and explain your exploit completely to one of our developers.

* If you believe testing your exploit could cause harm to Whatbox or our customers, please contact our staff for access to an isolated server to test on. User privacy should be maintained as much as possible.

Programs available

Due to the breadth of our infrastructure the security program has been divided categorically. Please visit the appropriate section for rules and reward information on the component you will be testing.

Program Description
Primary website Security flaws on the whatbox.ca website
Distribution servers Security flaws affecting the *.whatbox.ca servers