Stephanie Sum

Grab turns to HackerOne to Safeguard Customer Data; will award up to $10,000 USD to hackers who identify security weaknesses

SAN FRANCISCO-- July 12, 2017 --HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today announced the launch of a public bug bounty program for Grab, Southeast Asia’s largest ride-hailing platform. Grab is the latest company to rely on HackerOne to improve security, joining General Motors, Twitter, Starbucks, Nintendo and over 800 other companies embracing continuous, hacker-powered security.

Grab, which is based in Singapore, operates in 65 cities across Southeast Asia and provides up to 2.5 million rides daily. The Grab app has been downloaded onto over 45 million devices. To date, Grab’s bug bounty program has resolved nearly 200 vulnerabilities. Building on the success of its private bug bounty program, Grab’s public program will invite HackerOne’s extensive global network of over 100,000 hackers to search for unknown security vulnerabilities.

“Sophisticated and far-reaching security measures, such as those made accessible through HackerOne’s platform, are vital to earning the trust of our passengers and drivers,” said Ditesh Kumar, director of engineering, Grab. “We believe that no technology is perfect and that working with a diverse portfolio of skilled security researchers is crucial to building the safest technology possible.”

HackerOne is the most widely adopted bug bounty and vulnerability disclosure platform provider in the world. Bug bounty programs are cost-effective and allow software-powered organizations to identify vulnerabilities in systems faster. More than 50,000 security vulnerabilities have been resolved by more than 800 organizations on HackerOne globally, including Adobe, the U.S. Department of Defense, GitHub, Intel, Slack, Qualcomm and more.

“Working with the hacker community is an undeniably effective way to find security vulnerabilities,” said Alex Rice, CTO and founder, HackerOne. “The launch of Grab’s public bug bounty program signals their commitment to working the largest hacker community to protect their over 45 million mobile customers.”

Grab will award hackers between $100 to $10,000 USD per valid vulnerability reported, depending on the impact and severity of the issue. To participate or learn more about Grab’s public bug bounty program visit

About Grab

Grab is Southeast Asia's leading ride-hailing and mobile payments platform. Grab solves critical transportation challenges to make transport freedom a reality for 620 million people in Southeast Asia. Grab's core product platform includes transport solutions for drivers and passengers with an emphasis on convenience, safety and reliability, as well as its proprietary mobile payments platform, GrabPay. Grab currently offers services in 65 cities across Singapore, Indonesia, Philippines, Malaysia, Thailand, Vietnam and Myanmar. For more information, please visit: