PayPal creates new Bug Bounty Portal

PayPal creates new Bug Bounty Portal for Security Researchers

Today in the morning the PayPal Inc Security Team published a letter via email to all active security researchers of the official bug bounty program.

Due to the eBay Inc and PayPal Inc separation, the eBay Bug Bounty portal will no longer be used to file new vulnerabilities effective July 2015.

PayPal has created a new Bug Bounty portal to file new PayPal vulnerabilities. This will require you to register and login using a new or existing PayPal accounts' login credentials. Instructions on how to register for the new portal will be sent out over email closer to the go live date and will also be available on the PayPal Bug Bounty Program page.

After the new PayPal Bug Bounty portal goes live, the next step is reconciling the data that has already been submitted. This means that issues filed through the eBay Bug Bounty portal will be temporarily unavailable for your review. Paypal want to assure you that none of your account history will be lost and you will continue to receive email notifications for any status changes, including payouts, on previously filed bugs. After the launch of the new portal, Paypal will be reaching out to you with instructions on how to merge your new account details with your previously-submitted information. Paypal expect this merging process to be completed by the end of September and will keep you informed if anything changes.

To file new bugs related to Magento vulnerabilities please follow instructions on the Magento Security Center page. https://magento.com/security