Case Study: FanDuel achieves stronger platform security and scalable vulnerability discovery with HackerOne

A HackerOne Case Study

FanDuel is a leading fantasy sports platform that is used by millions and handles hundreds of millions in weekly transactions, so protecting sensitive customer data under strict regulations is critical. With a lean security and risk team of seven (only two focused on the bounty program), the company lacked the bandwidth and specialist skills to continuously monitor, scan and remediate all systems on its own.

To scale security, FanDuel launched a HackerOne bug bounty in 2015, treating external researchers as an extension of its team and maintaining a broad scope that includes mobile apps, subdomains and internal DNS assets. The program has helped FanDuel fix about 85 vulnerabilities, paid over $35,000 in bounties, reduced reliance on scheduled pentests, sped up discovery across daily releases, and strengthened developer collaboration and overall security posture.


FanDuel

Liam Somerville

Security Operations Engineer

