HackerOne
A HackerOne Case Study
PayPal, the global digital payments platform with 267 million active account holders in more than 200 markets, needed to protect vast amounts of financial data across web and mobile channels while staying agile amid acquisitions and a complex, multi-currency ecosystem. The security team sought a scalable way to find and remediate vulnerabilities, engage the external researcher community, and align practices with industry standards.
Partnering with HackerOne allowed PayPal to scale its bug bounty program—growing participation from roughly 2,000 to over 300,000 researchers, tripling bounty payouts, and formalizing triage, reward, and remediation workflows. The program became a “backstop” that feeds validated findings into development and security teams, enabled coordinated responses (notably the Struts zero-day in early 2017 with rapid WAF mitigation), improved proactive controls, increased transparency, and earned international recognition.
Sonal Shrivastava
Information Security Engineer