Bug Bounties

Expedia Group

Powered by: 

Allows bounty splitting: 

Average time to first program response: 8

Average time to bounty awarded null: 

Average time to report resolved: 401

Handle expediagroup

Managed program: true

Name: Expedia Group

Offers bounties: false

Offers swag: false

Response efficiency percentage: 95

Submission state: open

Url: https://hackerone.com/expediagroup

Website: https://www.expediagroup.com/

In scope:

  • Asset identifier: *.abritel.fr
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.bookabach.co.nz
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.carrentals.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.cheaptickets.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.cruiseshipcenters.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.ean.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.ebookers.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.egadvertising.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.expedia.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.expediaagents.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.expediagroup.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.expediapartnercentral.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.expediapartnersolutions.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.fewo-direkt.de
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.flights.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.homeaway.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.hoteis.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.hoteles.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.hotels.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.hotwire.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.hotwirepartnercentral.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.lastminute.co.nz
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Please note **.lastminute.com* is a different property and is __NOT__ owned by Expedia Group. As such, submissions on **.lastminute.com* are out of scope.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.lastminute.com.au
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Please note **.lastminute.com* is a different property and is __NOT__ owned by Expedia Group. As such, submissions on **.lastminute.com* are out of scope.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.mrjet.se
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.orbitz.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.stayz.com.au
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.travelocity.ca
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.travelocity.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.vrbo.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.wotif.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: Other Expedia-owned Asset
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Please report any security issues on Expedia-owned assets (i.e. leaked GitHub tokens, AWS secret keys, Expedia PII or other subdomains not listed in the policy)
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: china.airasiago.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: thailand.airasiago.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: www.cruiseshipcenters.com/api/searchcenter
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: *Policy Guidance for API:* We are not currently providing credentials for this asset.
  • Integrity requirements: 
  • Max severity: critical