Whoop Bug Bounty icon Whoop Bug Bounty HackerOne

Target Policy
https://hackerone.com/whoop_bug_bounty?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • com.whoop.android
    GOOGLE_PLAY_APP_ID
    critical
  • app.whoop.com
    URL
    critical
  • WHOOP 5.0/MG STRAP
    OTHER
    critical
  • join.whoop.com
    OTHER
    critical
  • com.whoop.iphone
    APPLE_STORE_APP_ID
    critical
  • WHOOP 4.0 STRAP
    OTHER
    critical
  • shop.whoop.com
    URL
    critical
  • api.prod.whoop.com

    Destructive actions are prohibited. We will verify if a destructive action is possible. If you delete data or impact a user’s experience we will consider this as a destructive action.

    This is the API that supports the WHOOP App. Successful submissions must demonstrate unauthorized access to data beyond the credential’s expected access. For instance, finding API keys of users on GitHub will not be accepted.

    URL
    critical
Target Scope Domains
  • api.prod.whoop.com
  • app.whoop.com
  • shop.whoop.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kcrlf
allkxss
1 day, 21 hours ago
Finished
auto-gausubs-2-kcrlf
  • Fleet: allkxss
  • Duration: 28 Seconds
  • Finished: 1 day, 21 hours ago