TMCnet News

1Password Raises Bug Bounty to Industry-Leading $1 Million
[March 10, 2022]

1Password Raises Bug Bounty to Industry-Leading $1 Million

TORONTO, March 10, 2022 /PRNewswire/ -- Human-centric security leader, 1Password, announced it has increased its top bug bounty reward to $1 million, marking the highest bounty in Bugcrowd history and one of the largest rewards in cybersecurity. The new program builds on a long history of successful bug bounty programs and is aligned with the company's commitment to providing an industry-leading security platform for both businesses and families.

"No one should have to choose between safety and convenience, and we're making this major investment to demonstrate our commitment to keeping 1Password customers secure," said Jeff Shiner, CEO of 1Password. "Increasing our bug bounty to $1 million will attract another layer of outside expertise to make sure our systems are as secure as possible. Together, we will deepen our security leadership so our customers can live their lives online with ease and confidence."

As part of its normal day-to-day operations, 1Password regularly engages external security experts and white hat hackers to point out any blind spots to strengthen its platform. This program expands that initiative by enlisting thousands of researchers whose collective intelligence enables 1Password to consistently deliver a user-friendly and reliable product that makes protecting privacy, data and personal information second nature.

Since beginning the bug bounty program in 2017, 1Password has paid out $103,000 to Bugcrowd researchers, averaging $900 per reward. While all detected bugs have been minor, showing no threat to the secrecy of sensitive customer data, 1Password was able to resolve them quickly to reduce the risk of attacks. After nearly 800 attempts from researchers at the previous bounty of $100,000, the total payout to date demonstrates the team's relentless commitment to security.

"The researcher community has long been a pivotal piece of the security puzzle, and is especially important today as hackers become savvier with their techniques and threats scalate from Russia," said Ashish Gupta, CEO of Bugcrowd. "1Password has held our top bug bounty reward spot since 2017, and their new top prize of $1 million underscores their respect for the value our community provides."

This bug bounty program, builds on a number of additional security programs 1Password has in place, including:

  • Conducting more than a dozen external penetration tests annually, the results of which are then released in full to the public.
  • Staffing protocols that ensure security-directed developers are always embedded within product development teams.
  • Security Ambassador Program to continuously train and develop security expertise in development teams.
  • Eyes of the Month program that rewards the employees that report the most impactful security issue of the month, routinely surfacing bugs that can only be found by those familiar with the subject matter and creating an ongoing educational forum to present learnings across the entire company.
  • Internal testing and review programs designed to strengthen the company's strong culture of privacy and security.

For researchers and others looking to learn more about the 1Password bug bounty program, please visit 1Password on their website and Bugcrowd.

About 1Password
1Password's human-centric approach to security keeps people safe, at work and at home. It's the only solution built from the ground up to enable anyone–no matter the level of technical proficiency–to navigate the digital world without fear or friction. The company's password management and credentials security platform is trusted by over 100,000 businesses, including IBM, Slack, Snowflake, Shopify, and Under Armour. 1Password protects the most sensitive information of millions of individuals and families across the globe, helping consumers and businesses get more done in less time – with security and privacy as a given. Learn more at

About Bugcrowd
Bugcrowd is the leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world. Today's enterprise demands an offensive approach to cybersecurity—and Bugcrowd offers the only solution that orchestrates data, technology, and human intelligence to expose blind spots. The Bugcrowd Security Knowledge Platform™ enables businesses to do everything proactively possible to protect their organization, reputation and customers with products like Bug Bounty, Penetration Testing-as-a-Service, and more. Trusted by organizations across the globe, Bugcrowd uncovers and remediates vulnerabilities before they interrupt business by leveraging expert ingenuity and the knowledge of world-class security researchers. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at

"Bugcrowd" and "Bugcrowd Security Knowledge Platform" are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.


Cision View original content to download multimedia:

SOURCE 1Password

[ Back To's Homepage ]