Skip to main content

Kim Dotcom launches hack reward scheme for Mega

Following the launch of his highly anticipated cloud storage service, Kim Dotcom is eager to test Mega's security by launching a public bug hunt - or, as the site describes it, the "MEGA Vulnerability Reward Program."

According to the program's description, Mega has apparently already suffered "three direct hits" to its security. The service is now offering up to 10,000 Euros (£8,700) for every bug that users find, limited to specific scenarios and setups.

For example, Mega is looking to reward those who successfully find a way to execute code on either Mega servers or the service's client browser. The program will also reward those who manage to break or exploit Mega's cryptography for the files stored on its system, the access control that Mega's put into place for said files (either overwriting or destroying them), or "Any issue that jeopardizes an account's data in case the associated e-mail address is compromised."

Before you start licking your lips and dreaming about your larger bank account, there are a host of bugs that don't qualify for any Mega rewards, including: "Anything requiring extreme computing power (2^60 cryptographic operations+) or a working quantum computer. This includes allegedly predictable random numbers — you qualify only if you are able to show an actual weakness rather than general conjecture."

In other words, it' best you check the website and the qualifications before you start trying to find Mega exploits.

Additionally, Mega's thrown up two "bonus bounties" that can earn submitters, "the maximum reward." In one scenario, Mega simply wants a key – specifically, the exact key that one would need to use to decrypt a file stored on the site. In the other, an industrious exploiter would have to somehow extract a password that's been encoded in a typical user's signup confirmation link.

With but two weeks' of life to its name, Mega has already surged past one million registered users who are hosting more than 50 million files on the service. It'll be interesting to see how Mega's challenge might increase the enthusiasm of some Mega critics – including members of Anonymous itself – who now get a bit of a cash incentive to try and disrupt Dotcom's brand-new site.