We at Magenta (T-Mobile Austria GmbH) want to make a collaboration with the global security community. With global expertise, we can better protect ourselves as a company and boost the community at the same time. Together we want to continuously check our external attack surface to constantly become more secure.
What we want is for participants to have fun with the Bug Bounty Program and to deal with the vulnerability fairly and responsibly. For us, this means that the vulnerabilities find by the participants are not disclosed to others or published.
How do you get your reward?
There is a reward if the vulnerability can be exploited without user interaction (social engineering) and the vulnerability leads to at least one compromised system.
- You have followed our rules and reported a vulnerability that was not previously officially known. It must be the first submission about this vulnerability.
- You have used real, own accounts. Access to third party account data without their consent is not desired.
- You found the flaw without using scanner tools. The vulnerability must not be based on an outdated third-party software component.
If you submit the bug to us, we need an example (unique request or PoC code) and a description. Please indicate which browser you have used and how it is configured.
What is bug bounty program?
In short, it's about inviting the world to legally check our external systems, which are listed below, for security vulnerabilities and, if a vulnerability is found, to let us know that we could fix it and pay the finder a finder's fee.
Who are we aiming to reach?
The target group is people with an affinity for IT security, such as security researchers or freelancers who would like to find vulnerabilities in systems.
All T-Com employees worldwide are excluded.