Drug-Resistant Fungus Computing's Top Prize Google's AI Chatbot Beat Airline Ticket Prices ChatGPT Bug 7 Daily Habits for Happiness Weigh Yourself Accurately 12 Healthy Spring Recipes
Want CNET to notify you of price drops and the latest stories?
No, thank you

Google ups cash reward for being hacked

Many of the Web giant's products are susceptible to attacks -- that's why the Web giant says it will now pay up to $20,000 for anyone to find "qualifying vulnerabilities."

In an effort to cut down on hacking, bugs, and vulnerabilities, Google offers dollar rewards for people to hack into its Web services.

The Internet giant began swapping security research for cash over the past couple of years, but today it announced that it was upping the ante.

"In just over a year, the program paid out around $460,000 to roughly 200 individuals," Google security team members Adam Mein and Michal Zalewski wrote in a blog post. "We're confident beyond any doubt the program has made Google users safer."

As of today, hackers can get up to $20,000 for "qualifying vulnerabilities," $10,000 for SQL injection and certain kinds information disclosure, authentication, and authorization bypass bugs, and around $3,000 for XSS, XSRF, and other high-impact flaws in sensitive applications. Before now, Google's highest payout was $3,133.70, according to Forbes.

Many Google products are susceptible to attacks that could potentially tap into users' private information. Take Google Wallet -- vulnerabilities could lead hackers to accessing users' funds via prepaid card information. Mein and Zalewski say higher rewards will be paid for finding flaws in services where there is higher risk to user data, such as Google Wallet.

Since the Web company launched its Vulnerability Reward Program in November 2010, it has received more than "780 qualifying vulnerability reports that span across the hundreds of Google-developed services," according to the blog post.

The program was devised to recruit external researchers to find system bugs and flaws. Newly acquired companies and Google client applications, such as Android, Picasa, and Google Desktop, are not included in the rewards program.