Case Study: Mail.Ru Group resolves 3,400+ vulnerabilities with HackerOne

Mail.Ru Group Limited - Customer Case Study

Mail.ru Group, an early adopter of bug bounty programs, launched its HackerOne bounty in 2014 to eliminate critical vulnerabilities that traditional security processes missed. The initial challenge was securing core services (Mail, Cloud, Calendar) and a growing ecosystem while hunting high-impact issues like RCE, SQL injection and XSS across partner integrations.

By partnering with HackerOne and using creative incentives (grants, conference promo bonuses) plus a policy of paying for partner/out-of-scope high-severity issues, Mail.ru built one of the world’s largest public programs. The results: 3,465 valid reports and 3,409+ vulnerabilities fixed (including 83 critical and 234 high), >$1M paid in bounties, 999+ unique hackers, a top payout of $35K, and a #3 rank for most vulnerabilities solved—while continuing to expand into B2B and gaming services.

Mail.Ru Group Limited

Vladimir Dubrovin

Information Security Technical Advisor