Skip to main content
All CollectionsCommunity
Is there a Bug Bounty? Can I get paid for finding bugs?
Is there a Bug Bounty? Can I get paid for finding bugs?
Updated over a week ago

There is a bug bounty! Chess.com will pay users who find the most severe vulnerabilities in our systems.

What kind of bugs do you pay for?

We do not pay a bug bounty for user interface, graphics, or data bugs which do not pose a security threat. However reporting these bugs through our “Report a Bug” system in the Help menu allows us to regularly award free memberships to Reporters who help us the most. Please read how to report these kinds of non-security threat bugs here.

We DO pay a bounty for severe vulnerabilities. "Vulnerabilities" are bugs which damage data or expose non-public data about our members or the company itself, or which allow a person who is not the owner of an account to act as the owner. Vulnerabilities may be minor to severe, and in some cases may require Chess.com to follow formal legal processes.

How much do you pay?

Depending on the severity of the bug, the reward is different, anywhere from 80 USD all the way up to 4000 USD for the most severe bugs.

How do I claim a bug bounty?

To claim a bounty for a vulnerability you have discovered, follow these steps:

  • Report your finding to bounties@chesscom.atlassian.net

  • You must report your finding to us first and exclusively.

  • Your report must include a proof of concept, working code, steps to replicate, or other documentation so that our technical teams can identify which systems are affected and how.

  • You must provide your real name and contact information for payment.

  • Only the first to submit a complete report on a given vulnerability will receive a bounty.

  • Payment will be made after the vulnerability is fixed and verified by our teams.

  • Regressions of previously fixed vulnerabilities will be paid at half price.

If you have any questions or concerns about this policy you may reach out to bounties@chesscom.atlassian.net

Did this answer your question?