July 9, 2019

Scope Release Event, Phase 1

Note: Verizon Media is now known as Yahoo.

Event Release 1

Dedicated Hackers,

Announcing the start of Phase 1 of this scope release event. Think of it like a new program is launching, but knowing that our legendary team of Paranoids and HackerOne stand behind this program already.

Please read the previous message for the event schedule.

Phase 1: Scope Release Announcement & Dupe Period

  • Begin your recon and testing!
  • New assets will be listed on the program page in the Scope section.
  • Start submitting reports to us and make sure to use the new assets.
  • All reports submitted during this period will be deduplicated against each other, any bounties will be evenly split among all reports for the same vulnerability.
  • All duplicated reports during this phase will receive full credit when ranked at the end of this cycle.


  1. Register accounts (self-service) using your <username>@wearehackerone.com addresses.
  2. Make sure to add the X-Bug-Bounty: hackerone-<username> header to your traffic.


  • Build By Girls (*.builtbygirls.com)
  • BUILD (*.buildseries.com)
  • MAKERS (*.makers.com)
  • Mobile Apps included
  • APIs included
  • Note: jobs.builtbygirls.com is out of scope. Bugs found here should be reported to Jobboard.io. This is a third party and we do not authorize anyone to test this service.*

This phase will end on July 15.

If you have any questions, feel free to reach out to us however works for you. We’ve even stood up a channel, #verizonmedia, on the Bug Bounty Forum slack workspace to specifically engage in conversation with our bug hunter community.

Happy Hacking,

The Paranoids