Bug Bounties

Instacart

Powered by: 

Allows bounty splitting: 

Average time to first program response: 9

Average time to bounty awarded: 650

Average time to report resolved: 6533

Handle: instacart

Managed program: true

Name: Instacart

Offers bounties: true

Offers swag: false

Response efficiency percentage: 97

Submission state: open

Url: https://hackerone.com/instacart

Website: https://instacart.com

In scope:

  • Asset identifier: *.instacart.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: *.instacart.tools
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: 545599256
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Instacart’s iOS application for online grocery delivery. Package name: com.instacart
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: Android & iOS App for Instacart Shoppers
  • Asset type: OTHER
  • Availability requirement: medium
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: To download the shoppers app, please visit https://shoppers.instacart.com/apps and enter your phone number to get the download link. What it does: Shoppers receive orders through the app on their smartphone, and then they shop and deliver groceries to the customers.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: admin.instacart.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: An admin page that lets our internal users access tools and reports. It is used by customer support for order refunds and redelivery. Internal corporate employees can use it for editing store configuration and warehouse availability.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: api.instacart.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: A service that allows Instacart's retailers to connect to Instacart's API to do fulfillment through their apps/websites.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: com.instacart.client
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Instacart’s Android application for online grocery delivery.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: shoppers.instacart.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: A service that allows people to apply for the shoppers position at Instacart.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: www.instacart.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Web application to provide online ordering of groceries for either delivery or in store pick up.
  • Integrity requirements: high
  • Max severity: critical