Yahoo’s three-year-old bug bounty program has paid out more than $2 million to bug hunters with the most recent important find taking place in April when a vulnerability in Flickr was revealed.
The money was split between more than 2,000 from more than 80 countries with 200 bug hunters being awarded funds in 2016 alone, Yahoo! reported.
“These bounties helped to fix vulnerabilities of varying severity across our web properties. Most bounties accounted for less impactful vulnerabilities, but some were more substantial,” wrote Andrew Rios, Yahoo security engineer.
The company admitted asking hackers to poke and probe their network comes with some inherent risks, but Rios called it an acceptable risk. The most recent payoff for this gamble earned one bug hunter $7,000 when he identified a problem with Flickr, which Yahoo! was able to patch.
Yahoo! was the focus of one of the largest data breaches on record with somewhere in the neighborhood of 1 billion records being stolen in two incidents, which had a major impact on the company’s attempt to sell itself to Verizon.