Powered by: Allows bounty splitting:
Average time to first program response: 7
Average time to bounty awarded null: 299
Average time to report resolved: 793
Handle starbucks
Managed program: true
Name: Starbucks
Offers bounties: true
Offers swag: false
Response efficiency percentage: 95
Submission state: open
Url: https://hackerone.com/starbucks
Website: http://www.starbucks.com
In scope: Asset identifier: Other assetsAsset type: OTHERAvailability requirement: Confidentiality requirement: Eligible for bounty: Eligible for submissions: trueInstruction: If you have found a vulnerability in a Starbucks site or app not contained within this list, you can still submit, and Starbucks will triage the report.
These types of reports will not result in a monetary reward but valid reports that are resolved can improve your reputation score on the HackerOne platform.Integrity requirements: Max severity: criticalAsset identifier: Subdomain Takeover (SDTO)Asset type: OTHERAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Subdomain Takeovers will be evaluated on their severity considering cookie scoping, historical significance and potential traffic volume. They maybe bounty eligible or alternately informative as determined by their security impact to Starbucks.
Refer to the Appropriate Proof of Concepts section of this policy for information on how to construct a valid proof of concept for these reports.Integrity requirements: Max severity: criticalAsset identifier: app.starbucks.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks US
https://app.starbucks.comIntegrity requirements: Max severity: criticalAsset identifier: card.starbucks.com.sgAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Rewards Singapore
https://card.starbucks.com.sgIntegrity requirements: Max severity: criticalAsset identifier: cart.starbucks.co.jpAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Japan Store Cart/Checkout
https://cart.starbucks.co.jp/Integrity requirements: Max severity: criticalAsset identifier: com.starbucks.brAsset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Brazil ios app
https://itunes.apple.com/br/app/starbucks-brasil/id1041179480Integrity requirements: Max severity: criticalAsset identifier: com.starbucks.brAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Brazil Android App.
https://play.google.com/store/apps/details?id=com.starbucks.brIntegrity requirements: Max severity: criticalAsset identifier: com.starbucks.cnAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks China Android App.
https://play.google.com/store/apps/details?id=com.starbucks.cnIntegrity requirements: Max severity: criticalAsset identifier: com.starbucks.deAsset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Germany ios app.
https://itunes.apple.com/de/app/starbucks-deutschland/id948562829Integrity requirements: Max severity: criticalAsset identifier: com.starbucks.deAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Germany Android App
https://play.google.com/store/apps/details?id=com.starbucks.de
Integrity requirements: Max severity: criticalAsset identifier: com.starbucks.frAsset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks France ios app.
https://itunes.apple.com/fr/app/starbucks-france/id943993603Integrity requirements: Max severity: criticalAsset identifier: com.starbucks.frAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks France Android App
https://play.google.com/store/apps/details?id=com.starbucks.frIntegrity requirements: Max severity: criticalAsset identifier: com.starbucks.jpAsset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Japan ios app
https://itunes.apple.com/jp/app/id1113037275Integrity requirements: Max severity: criticalAsset identifier: com.starbucks.jpAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Japan Android App.
https://play.google.com/store/apps/details?id=com.starbucks.jpIntegrity requirements: Max severity: criticalAsset identifier: com.starbucks.mobilecardAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks USA Android app.
https://play.google.com/store/apps/details?id=com.starbucks.mobilecardIntegrity requirements: Max severity: criticalAsset identifier: com.starbucks.mystarbucksAsset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks US ios app.
https://itunes.apple.com/us/app/starbucks/id331177714Integrity requirements: Max severity: criticalAsset identifier: com.starbucks.mystarbucks.krAsset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Korea iOS App
https://itunes.apple.com/us/app/%EC%8A%A4%ED%83%80%EB%B2%85%EC%8A%A4/id466682252Integrity requirements: Max severity: criticalAsset identifier: com.starbucks.sbuxsingaporeAsset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Singapore iOS App
https://itunes.apple.com/sg/app/starbucks-singapore/id574621564Integrity requirements: Max severity: criticalAsset identifier: com.starbucks.singaporeAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Singapore Android App
https://play.google.com/store/apps/details?id=com.starbucks.singapore
Assets eligible for bounty referenced directly by this app:
https://mobile.starbucks.com.sgIntegrity requirements: Max severity: criticalAsset identifier: com.starbuckschina.mystarbucksmomentsAsset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks China ios app
https://itunes.apple.com/us/app/starbucks-china/id499819758Integrity requirements: Max severity: criticalAsset identifier: gift.starbucks.co.jpAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks e-gift Japan
https://gift.starbucks.co.jp/Integrity requirements: Max severity: criticalAsset identifier: login.starbucks.co.jpAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Japan Login page
https://login.starbucks.co.jp/Integrity requirements: Max severity: criticalAsset identifier: openapi.starbucks.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks digital service capabilities to 3rd party business partner(s)/cooperators via standard Open API.Integrity requirements: Max severity: criticalAsset identifier: secureui.starbucks.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Payment Processing
https://secureui.starbucks.com/Integrity requirements: Max severity: criticalAsset identifier: www.starbucks.caAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Canada
https://www.starbucks.ca/Integrity requirements: Max severity: criticalAsset identifier: www.starbucks.co.jpAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Japan
https://www.starbucks.co.jpIntegrity requirements: Max severity: criticalAsset identifier: www.starbucks.co.krAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Korea
https://www.istarbucks.co.kr
https://www.starbucks.co.kr
istarbucks.co.kr used to be the main Starbucks site in the region, but is now a redirector to starbucks.co.kr. Bugs in the redirector or in the www.starbucks.co.kr site are accepted under this scope.Integrity requirements: Max severity: criticalAsset identifier: www.starbucks.co.ukAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks UK
www.starbucks.co.ukIntegrity requirements: Max severity: criticalAsset identifier: www.starbucks.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks US
https://www.starbucks.com/Integrity requirements: Max severity: criticalAsset identifier: www.starbucks.com.brAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Brazil
https://www.starbucks.com.br/Integrity requirements: Max severity: criticalAsset identifier: www.starbucks.com.cnAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks China
https://www.starbucks.com.cn/Integrity requirements: Max severity: criticalAsset identifier: www.starbucks.com.sgAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Singapore
https://www.starbucks.com.sg/Integrity requirements: Max severity: criticalAsset identifier: www.starbucks.deAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Germany
https://www.starbucks.de/Integrity requirements: Max severity: criticalAsset identifier: www.starbucks.frAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks France
https://www.starbucks.fr/Integrity requirements: Max severity: criticalAsset identifier: www.starbucksreserve.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Starbucks Reserve
https://www.starbucksreserve.com/Integrity requirements: Max severity: critical
