Bounty Program

Ellipse 21233

Grab is Southeast Asia's #1 ride-hailing app, food delivery service and cashless payment solution.


Android , API , iOS , Web


Bounty (up to)

Rp. 4.000.000

Dear researchers,

Hope you are all excited as we will be having another round of Grab campaign this Jun!
Having said that, you can earn as much as 1.5x for any valid P0 (Critical) report you submit to the program effective 12 Jun 2023 until the 11 July 2023. All the in-scope for this promotion will be available in the campaign section of the policy page.
Please note that the vulnerabilities that we are focussing at:

Business Logic

Authentication and Authorization

Also do take note that the usual program rules will apply. Kindly ensure you review the policy page before conducting any testing and submitting reports.
Happy hacking! Grab Security Team

UPDATE (27 MAY 2022): We’ve increased bounty rewards for mobile app assets!
Grab is excited to share the standard bounty rewards for mobile app assets have been increased by 50%!
Effective from 27 May 2022, hackers will be able to earn up to $15,000 for a valid critical vulnerability! The Grab mobile apps are core and essential to our business – so we want to continuously ensure that the program remains competitive and hackers rewarded generously for their contribution.
Breakdown of updated bounty rewards by asset category: