Banner Image

For the longest time, security has been at the center of our priorities. There’s nothing more self-evident about the trust our millions of driving partners and consumers put in Grab. We strive every day to build the best tools available to ensure their data stays secure.

For this reason, we launched our private bug bounty programme one year ago, allowing security researchers to scrutinise our code and flag vulnerabilities for handsome rewards. Over the past twelve months, we have been able to work with more than 350 talented researchers and have awarded nearly 200 bug reports. We would like to take this opportunity to thank everyone who submitted reports and helped us become more secure. As much as we have received some exceptional reports, we are looking for more!

Today, we are excited to officially announce our public bug bounty program!

Working with HackerOne, we want to continue to drive our security efforts forward. Are you up for the challenge to #hackallthethings and earn big rewards?!

Come find our vulnerabilities and help us create one of the most secure platforms in the world! Are you sharp enough to identify any remote code execution, SQL injections, exportable XSS vulnerabilities or overall high impact security issues?

We care about our users, so work with us to protect them as best we can. Help us resolve security issues to protect users with transparency, responsibility, and ethical practices. Depending on the impact and severity, our programme will reward up to $10,000 per bug report.

We look forward to awarding some valid reports! Can’t wait to start?

Visit for complete guidelines, details, terms and conditions.

Happy hacking!

Grab Security Team