The Shopify Hacker-Powered Security Story

Shopify uses bug bounties to safeguard their merchants and turn the tables on vulnerabilities...and criminals.


© HackerOne | Privacy | Terms

Shopify’s ecommerce platform helps more than a half-million merchants set-up, and manage their online store processing over $55B in customer transactions. 

Follow their hacker-powered security journey from the beginning: how responding to an external developers vulnerability report over 6 years ago evolved to the model public bug bounty program that it is today. 

Shopify’s story can be valuable for organizations, small or large; whether looking to start with an initial vulnerability disclosure policy with the HackerOne Response product or with the maturity and readiness to embrace a continuous security solution with HackerOne Bounty. 


  • The ROI of paying out $300,000 in bounties on one day

  • Why they conducted a one-day penetration test with hackers and how they recruited top hacker talent to their security team

Tips on running a successful program from Andrew Dunbar, Shopify’s Director of Risk and Compliance including what metrics Shopify tracks and how they manage their program

Fix the following errors: