Boku Bug Bounty Program

If you are a security researcher that has found a vulnerability in a Boku system or product then we want to hear from you.  

A guide to making a submission:

  • Email your findings to
  • Submissions should contain steps to reproduce your proof along with a detailed analysis.  
  • If your contribution helps Boku to address vulnerabilities that we are not aware of and you are the first external researcher to identify a vulnerability then you may be eligible for a bounty award.
  • Read our Terms and Conditions before submitting.

Avoid harm to Boku
Avoid research that causes harm to Boku systems, destroys data or causes an interruption to service. If you discover Boku data or are unclear if it is safe to proceed, please use good judgement and contact us.

Out of scope for Bounty reward
Reports from automated tools or scans must include additional analysis to demonstrate the exploitability of the vulnerability.

Out of scope social engineering and physical security attacks
Submissions that require social engineering of our staff are not eligible for a bounty reward.
Submissions that require a physical attack  on our Boku offices are not eligible for a bounty reward.