Who don't love complimentary gifts regardless of how much cash you have? One advantage for me after getting involved in Bug Bounties is I love particular organization Shirts, Swags and stickers and now I have a bunch of collections. I frequently called myself freebies hunter rather than Bug Bounty Hunter :P
Well in my social circles a person posted a photo of his lid back with a stuck couple of stickers and unsplash stickers was additionally a piece of that accumulation. I went to their site and found that it's a website dedicated to sharing copyright-free photography under the Unsplash license. I founded the best room for me. I established the best space for me.
At the time I don't know whether they have a responsible disclosure policy or not. Without sitting idle and looking for any security policy page, I registered myself here and began pentesting not for bounty hunting but for bug freebies reward hunting. I know it sounds unfathomably horrendous. After searching and looking into pages I discovered a security and it initiates my inner monster of Bug Hunting, just joking.
I was searching for security-related issues, I experienced their API documentation and discovered many intriguing things here.
In a couple of hours, I established three security vulnerabilities in their Web Application and one in their APIs which can disclose private and delicate data.
I reported these security vulnerabilities to their security team with detail explained and got responses from them in the next couple of hours.
Because of their security policy, I can't uncover finished bug reports with Proof of Concept. After addressing these security discoveries, Unsplash Co-founder & CPO recommended me on LinkedIn.
They will be adding me in their security page soon. It was truly a good experience with Unsplash and I truly appreciate their support team. A debt of gratitude is in order for pursuing. Keep in contact to pursue more nitty-gritty reviews on bug bounty and more identified with InfoSec.