Banner object (1)

Hack and Take the Cash !

822 bounties in database
  Back Link to program      
Zynga Whitehat logo
Hall of Fame

Zynga Whitehat

Zynga Inc. is an American social game developer running social video game services.

Zynga invites you to test and help secure our publicly accessible web presence and games. We're highly interested in knowing about any vulnerabilities that may extend to any web-based property we own/control (online games, etc). We appreciate your efforts and hard work in making the internet more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!


For the initial prioritization/rating of findings, this program will use theBugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

This program only awards points for VRT based submissions.


In scope

Target name | Type
* | Website
* | Website
Zynga branded games - ioS | iOS
Zynga branded games - Android | Android
Zynga branded games - Windows | Other

Any domain/property of Zynga not listed in the targets section is out of scope. This includes any/all subdomains not listed above. If you believe you've identified a vulnerability on a system outside the scope, please reach out to before submitting.

Target info:


Researchers are free to self provision or utilize any existing accounts they own - DO NOT test against any accounts you do not expressly own. If/when registering for testing purposes, please do so using your email address. For more info regarding @bugcrowdninja email addresses, see here.

Testing Notes:

  • When testing or submitting against any forms that may go to a person on the other end (e.g. contact, support, etc), please be sure to include "Bugcrowd Testing -- Disregard" with your payloads.
  • When testing against any forms that may result in publicly facing content (e.g. "as a question" - please delete your post immediately after you've reviewed the outcome of your attempted attack). e.g. on community pages, etc
  • Note that you're free to self-provision any accounts that you're able to (e.g. community, etc).

No pre-provisioned accounts will be provided for this program.

  • Valid and accepted submissions are eligible for our Researcher Hall of Fame, if you are the first to report the issue and we make a code or configuration change based on the issue.

Out of Scope:

  • Facebook, Wordpress or other 3rd party websites or 3rd party website games are not in scope
  • Missing DMARC
  • Missing SPF Record
  • Missing Rate Limiting Password Reset
  • Failure to Invalidate Session On Password Reset and/or Change

Program rules

This program follows Bugcrowd’s standard disclosure terms.

Learn more about Bugcrowd’s VRT.

In Scope

Scope Type Scope Name

Zynga branded games - Android


Zynga branded games - ioS


Zynga branded games - Windows





Firebounty have crawled on 2019-02-14 the programe Zynga Whitehat on the platform Bugcrowd.

FireBounty © 2015-2020

Legal notices