Bug Bounties

Plaid

Powered by: 

Allows bounty splitting: 

Average time to first program response: 7

Average time to bounty awarded null: 

Average time to report resolved: 

Handle plaid

Managed program: true

Name: Plaid

Offers bounties: true

Offers swag: false

Response efficiency percentage: 91

Submission state: open

Url: https://hackerone.com/plaid

Website: https://plaid.com

In scope:

  • Asset identifier: app.quovo.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: cdn.plaid.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is on Amazon CloudFront, so the scope here is limited to our content and configuration issues.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: dashboard.plaid.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Plaid's developer dashboard
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: demo.plaid.com
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Demo Plaid developer integration
  • Integrity requirements: low
  • Max severity: medium



  • Asset identifier: https://github.com/plaid/plaid-link-android
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Plaid's drop-in client-side module for authentication. Available for web, mobile web and iOS.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://github.com/plaid/plaid-link-examples
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Plaid's drop-in client-side module for authentication. Available for web, mobile web and iOS.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://github.com/plaid/plaid-link-ios
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Plaid's drop-in client-side module for authentication. Available for web, mobile web and iOS.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://github.com/plaid/plaid-ruby
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: The official Ruby bindings for the Plaid API. It's generated from our OpenAPI schema
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://github.com/plaid/react-native-plaid-link-sdk
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Plaid Link for React Native
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://github.com/plaid/react-plaid-link
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: React hooks and components for integrating with the Plaid Link drop module
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: my.plaid.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Portal for customers to access their information as seen by Plaid apps they have permissioned. https://my.plaid.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: plaid.com
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Plaid's marketing website, not full *.plaid.com
  • Integrity requirements: low
  • Max severity: medium



  • Asset identifier: production.plaid.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Plaid's developer API. Docs: https://plaid.com/docs
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: secure.plaid.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is an alias for cdn.plaid.com
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: secure.quovo.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical