Create a Hunter account on YesWeHack
ℹ️ You must create and verify an account on the platform if you want to submit a vulnerability report on a Bug Bounty program.
How to create an account
Fill out the fields and accept YesWeHack General Conditions of Use (CGU)
Click on “Hack the planet”
Open your inbox to retrieve the email titled “Activate Your Account”
Click on the “Activate my account” button
You may now log in to your account, browse the YesWeHack public programs, and start to hunt!
“Accept ” the terms & conditions to access the YesWeHack public programs
‘Blacklisted’ countries
⚠️ When you create an account on the platform, you must specify your country of residence. Our payment provider maintains a list of ‘Blacklisted countries’ where money transfers are not permitted.
What are the ‘blacklisted’ countries?
These are countries that are considered to be high-risk by regulators and that are identified as such by our Payment Service Provider (MangoPay).
These countries are thus blacklisted by MangoPay which uses official lists from international organisations to determine which countries should be blacklisted.
The list of countries where users are allowed to transfer money is available here.
You can also check if a country is blacklisted by going on our registration form here and by selecting said country in the “country of residence” field. A red message will appear if your country is blacklisted.
What happens if I live in a ‘blacklisted’ country?
Users cannot process payments to bank accounts hosted in those countries but anyone can create an account on our platform, no matter your country of residence.
If you get a reward but your country is ‘blacklisted’, you might not be able to withdraw this reward towards your bank account. In this case, this money will remain on your e-wallet for as long as necessary, until an alternative payout option is found or your country is whitelisted.
Authentication
To configure authentication options:
Go to “User settings” in the drop down menu or in the left side menu
Session access restriction
To increase the security of YesWeHack user sessions, users are able to restrict access to their sessions to the IP address that initiated the connection. If a new IP address uses the same session token, the session will not work.
If the connection legitimately uses several different egress IP addresses (e.g., mobile networks, VPN providers, etc.), the use of this feature is not recommended.
To enable session access restriction:
Click on “Edit” (Pencil icon)
Click on the radiobutton
Choose a “Password”
Click on “Update”
TOTP
Account access can be secured using two-factor authentication. A Time-based One-Time Password algorithm (TOTP) is used as the second factor. In addition to the email address and password, it is required to enter a six-digit code based on a shared secret and valid for only 30 seconds.
Activation of the TOTP is a prerequisite for access to programs marked as "Secured".
Click on “Edit” (Pencil icon)
Click on the checkbox
Choose a “Password”
Click on “Update”
KYC Verification & Strong Customer Authentication (SCA)
You must verify your account to submit vulnerability reports on programs and earn rewards. Complete the Known Your Customer (KYC) process, including Strong Customer Authentication (SCA), to access your payment account.
ℹ️ To learn how to complete KYC verification and enroll in SCA, click here.