Lazada in cooperation with YesWeHack has launched a public bug bounty program to identify vulnerabilities, following running a successful 18 month-long private program.
The program is focused on vulnerabilities of personal data, and Lazada will pay out up to US$10,000 in rewards per bounty to ethical hackers.
Since January 2020, Lazada has been working with ethical hackers to detect security vulnerabilities in its IT environment as part of a private bug bounty program. It is now opening the program to the entire cybersecurity community.
Through the public bug bounty program, Lazada is making a statement to the e-commerce industry, and highlighting the priority it places on security and transparency for its customers and partners.
“Given the importance of data and personal information, Lazada takes great care in protecting our customers and we have worked to patch these vulnerabilities, to ensure a safe shopping platform,” said Alan Chan, chief risk officer of Lazada.
“With the evolving nature of data security, as well as the aggressive nature of hackers who exploit technology to steal data, we believe in working with the larger cybersecurity community to strengthen our IT ecosystems,” said Chan.
Franck Vervial, head of cyberdefence at Lazada, said the collaboration with YesWeHack was about protecting their data, their employees and their customers against vulnerabilities.
“By reaching out to a broader community, Lazada strengthens its security, champions transparency and data privacy and protection,” ,” said Kevin Gallerin, YesWeHack managing director in Asia-Pacific. “Ultimately, building and maintaining the trust and experience of the several million users across APAC.”
Lazada has operations in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam, also offers logistics, retail technology and payment services solutions, in addition to LazMall, a virtual mall with over 18,000 brands.
Since the launch of its private bug bounty program, Lazada has worked with more than a hundred ethical hackers to flush out vulnerabilities, and has awarded over US$150,000 in bounties to security researchers.