COMFY paid 200,000 UAH to a white hat hacker for discovering a critical vulnerability

COMFY became one of the first Ukrainian retailers to publicly support ethical hacking in practice. The company made an official payment of UAH 200,000 to white hat hacker Vadym Savchenko. He reported a critical vulnerability in the online store's bonus accrual system.

Savchenko sent information about the problem through the contact center. It concerned the possibility of receiving bonuses multiple times as part of marketing activity, which created the risk of uncontrolled accumulation of funds in the bonus account.

After verification and technical testing, COMFY confirmed the vulnerability, assessed the potential damage in case of abuse, and promptly eliminated it. Internal monitoring systems did not record the anomaly, which revealed the need to improve control processes.

The company decided to pay UAH 200,000 as a reward for responsible disclosure. This is the first such case in COMFY's history and one of the few public examples of bug bounty payments in Ukrainian retail.

Vadym Savchenko has experience in IT and cybersecurity. In his communication with the company, he noted that he considers helping businesses prevent cyberattacks an important part of shared responsibility in wartime. It was for these reasons that he contacted COMFY immediately after discovering the problem.

Back in 2018, COMFY publicly supported the ethical hacking movement: the company posted a special file on its server inviting security researchers to work with the company and specifying channels for responsible vulnerability disclosure. The current story is a logical continuation of this practice.

Discussion

As practice shows, Ukrainian companies are reluctant to pay for discovered vulnerabilities, and those that do pay can be counted on the fingers of one hand.
Most likely, you will simply be ignored.
Although every rule has its exceptions...